Invoker Rights
PROBLEM IDENTIFICATION1                      Customized Objects2                      STD Objects3                      Du...
EXISTING POSITION OF DATABASE OBJECTSDIRMAT         OPS_PROD          INDIRECT MKT             PPC               FIN HR   ...
PRAPOSED POSITION OF DATABASE OBJECTSDIRMAT         OPS_PROD         INDIRECT MKT             PPC              FIN HR     ...
Example• If we have 50 STD Objects and If we have  20 schema• 1000 Objects are Present in DatabaseINDIRECTLYSame 50 Object...
WHAT IS THE SOLUTION    ?Schema                           Schema  A                                  B DIRMAT             ...
What is Invoker-Rights?• Invoker rights is a new model for resolving  references to database elements in a  PL/SQL program...
Existing Method of Objects utilization      DIRMAT                                                INDIRECTDeclare        P...
Objects utilization with Invoker-RightsDIRECT                            INDIRECTPkg_trans                         Pkg_tra...
Exec sp_control           User X                      User Y         Sp_control                 Sp_control                ...
Exec mkt.sp_control           User X                      User Y         Sp_control                 Sp_control            ...
Exec sp_control         User X                     User Y                                 Sp_control              DIRMAT_C...
When you create a PL/SQL program unit, you can include an optional AUTHID clause.There are two forms of this clause:•    A...
WITH definer rights             WITH invoker rightscreate or replace procedure P   create or replace procedure P    as    ...
Exec sp_control  User X             User Y            User Z                    Sp_control DIRMAT_CTL                     ...
Existing Problem•   If Changes done deploy to All Schema time consuming work•   Chances of Missing to some schema results ...
Benefits•   No Need of Deployment to Other schema in case of Changes•   Changes only in one place, lot of time saved•   Le...
Limitations•   Not advised for big processing procedures as performance impact•   Implementation always with core schema
StepsConn OPS_PROD/OPS_PRODcreate or replace procedure P AUTHID CURRENT_USER asBegin----------------end;grant execute on p...
Q&AThank you
Invoker rights
Invoker rights
Upcoming SlideShare
Loading in …5
×

Invoker rights

290 views

Published on

Access Procedure from other Schema

Published in: Education, Technology, Sports
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
290
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Invoker rights

  1. 1. Invoker Rights
  2. 2. PROBLEM IDENTIFICATION1 Customized Objects2 STD Objects3 Dummy/Testing Objects Objects = Procedures + Function + Packages
  3. 3. EXISTING POSITION OF DATABASE OBJECTSDIRMAT OPS_PROD INDIRECT MKT PPC FIN HR ATTEN TRAIN
  4. 4. PRAPOSED POSITION OF DATABASE OBJECTSDIRMAT OPS_PROD INDIRECT MKT PPC FIN HR ATTEN TRAIN
  5. 5. Example• If we have 50 STD Objects and If we have 20 schema• 1000 Objects are Present in DatabaseINDIRECTLYSame 50 Objects Present in Same DATABASE 20 TIMES
  6. 6. WHAT IS THE SOLUTION ?Schema Schema A B DIRMAT INDIRECT MAKE Schema A LIKE Schema B USE Invoker-Rights
  7. 7. What is Invoker-Rights?• Invoker rights is a new model for resolving references to database elements in a PL/SQL program unit. From Oracle 8i onwards, we can decide if a program unit should run with the authority of the definer or of the invoker. This means that multiple schemas, accessing only those elements belonging to the invoker, can share the same piece of code.
  8. 8. Existing Method of Objects utilization DIRMAT INDIRECTDeclare Pkg_trans Declare Pkg_trans... ...Begin Begin Select… Select…End; End; Table OPS_PROD Table Declare Pkg_trans ... Begin Select… End; PPC MKT Table Declare Pkg_trans Declare Pkg_trans ... ... Begin Begin Select… Select… End; End; Table Table
  9. 9. Objects utilization with Invoker-RightsDIRECT INDIRECTPkg_trans Pkg_trans OPS_PROD Pkg_trans Table Table Declare ... Begin Select… End; PPC MKT Table Pkg_trans Pkg_trans Table Table
  10. 10. Exec sp_control User X User Y Sp_control Sp_control DIRMAT_CTL MKT_CTLDIRMAT MKT
  11. 11. Exec mkt.sp_control User X User Y Sp_control Sp_control DIRMAT_CTL MKT_CTLDIRMAT MKT
  12. 12. Exec sp_control User X User Y Sp_control DIRMAT_CTL MKT_CTLDIRMAT MKT
  13. 13. When you create a PL/SQL program unit, you can include an optional AUTHID clause.There are two forms of this clause:• AUTHID DEFINER• AUTHID CURRENT_USER AUTHID DEFINER is the default
  14. 14. WITH definer rights WITH invoker rightscreate or replace procedure P create or replace procedure P as AUTHID CURRENT_USERBegin as--------- Begin------- ---------end; ------- end;
  15. 15. Exec sp_control User X User Y User Z Sp_control DIRMAT_CTL PROD_CTL MKT_CTLDIRMAT OPS_PROD MKT
  16. 16. Existing Problem• If Changes done deploy to All Schema time consuming work• Chances of Missing to some schema results in Issues• More Objects More Maintenance• Accumulation of Un-necessary Objects end up in JUNK Objects• More Time for Backup and Recovery
  17. 17. Benefits• No Need of Deployment to Other schema in case of Changes• Changes only in one place, lot of time saved• Less Maintenance due to less Objects• Security as Only Authorized person have access• Fast Backup and Recovery due to Less Objects
  18. 18. Limitations• Not advised for big processing procedures as performance impact• Implementation always with core schema
  19. 19. StepsConn OPS_PROD/OPS_PRODcreate or replace procedure P AUTHID CURRENT_USER asBegin----------------end;grant execute on p to dirmatconn dirmat/dirmatexec ops_prod.p;grant execute on p to publiccreate public synonym sp_control for ops_prod.p;conn dirmat/dirmatexec sp_control;
  20. 20. Q&AThank you

×