which they do not have any privileges?

In your multitenant container database (CDB) containing pluggable database (PDBs), the HR user executes the
following commands to create and grant privileges on a procedure:
CREATE OR REPLACE PROCEDURE create_test_v (v_emp_id NUMBER, v_ename VARCHAR2, v_SALARY
NUMBER, v_dept_id NUMBER)
BEGIN
INSERT INTO hr.test VALUES (V_emp_id, V_ename, V_salary, V_dept_id);
END;
/
GRANT EXECUTE ON CREATE_TEST TO john, jim, smith, king;
How can you prevent users having the EXECUTE privilege on the CREATE_TEST procedure from inserting
values into tables on which they do not have any privileges?

In your multitenant container database (CDB) containing pluggable database (PDBs), the HR user executes the
following commands to create and grant privileges on a procedure:
CREATE OR REPLACE PROCEDURE create_test_v (v_emp_id NUMBER, v_ename VARCHAR2, v_SALARY
NUMBER, v_dept_id NUMBER)
BEGIN
INSERT INTO hr.test VALUES (V_emp_id, V_ename, V_salary, V_dept_id);
END;
/
GRANT EXECUTE ON CREATE_TEST TO john, jim, smith, king;
How can you prevent users having the EXECUTE privilege on the CREATE_TEST procedure from inserting
values into tables on which they do not have any privileges?

A.
Create the CREATE_TEST procedure with definer’s rights.

B.
Grant the EXECUTE privilege to users with GRANT OPTION on the CREATE_TEST procedure.

C.
Create the CREATE_TEST procedure with invoker’s rights.

D.
Create the CREATE_TEST procedure as part of a package and grant users the EXECUTE privilege the
package.

Explanation:
If a program unit does not need to be executed with the escalated privileges of the definer, you should specify
that the program unit executes with the privileges of the caller, also known as the invoker. Invoker’s rights can
mitigate the risk of SQL injection.
Incorrect:
Not A: By default, stored procedures and SQL methods execute with the privileges of their owner, not their
current user. Such definer-rights subprograms are bound to the schema in which they reside.
not B: Using the GRANT option, a user can grant an Object privilege to another user or to PUBLIC.



Leave a Reply 0

Your email address will not be published. Required fields are marked *