On Wed, 17 Jul 2002 09:08:42 +1000, "Howard J. Rogers"
>I think the big difference is that privileges granted via a role don't work
>if the user involved then runs a package or procedure which tries to work on
>In other words, I have a procedure X which says 'update scott.emp....'.
>You have the ROLE Y, which includes the 'update on scott.emp' privilege.
>You run the procedure, it won't work.
>I grant you the 'update on scott.emp' privilege directly, you run the
>procedure and now it does work.
So this means, preferably, as best practice, the code should be owned
by the owner of the object, or in 8i and higher, created with authid
In both cases there is no need to muck around with direct grants.
Sybrand Bakker, Senior Oracle DBA
To reply remove -verwijderdit from my e-mail address