which they do not have any privileges?

In your multitenant container database (CDB) containing pluggable database (PDBs), the HR user
executes the following commands to create and grant privileges on a procedure:
CREATE OR REPLACE PROCEDURE create_test_v (v_emp_id NUMBER, v_ename
VARCHAR2, v_SALARY NUMBER, v_dept_id NUMBER)
BEGIN
INSERT INTO hr.test VALUES (V_emp_id, V_ename, V_salary, V_dept_id);
END;
/
GRANT EXECUTE ON CREATE_TEST TO john, jim, smith, king;
How can you prevent users having the EXECUTE privilege on the CREATE_TEST procedure from
inserting values into tables on which they do not have any privileges?

A.
Create the CREATE_TEST procedure with definer’s rights.

B.
Grant the EXECUTE privilege to users with GRANT OPTION on the CREATE_TEST
procedure.

C.
Create the CREATE_TEST procedure with invoker’s rights.

D.
Create the CREATE_TEST procedure as part of a package and grant users the EXECUTE
privilege the package.

Explanation:
If a program unit does not need to be executed with the escalated privileges of the
definer, you should specify that the program unit executes with the privileges of the caller, also
known as the invoker. Invoker’s rights can mitigate the risk of SQL injection.
Incorrect:
Not A: By default, stored procedures and SQL methods execute with the privileges of their owner,
not their current user. Suchdefiner-rightssubprograms are bound to the schema in which they
reside.
not B: Using the GRANT option, a user can grant an Object privilege to another user or to
PUBLIC.