• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Invoker rights
 

Invoker rights

on

  • 232 views

Access Procedure from other Schema

Access Procedure from other Schema

Statistics

Views

Total Views
232
Views on SlideShare
231
Embed Views
1

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 1

https://si0.twimg.com 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Invoker rights Invoker rights Presentation Transcript

    • Invoker Rights
    • PROBLEM IDENTIFICATION1 Customized Objects2 STD Objects3 Dummy/Testing Objects Objects = Procedures + Function + Packages
    • EXISTING POSITION OF DATABASE OBJECTSDIRMAT OPS_PROD INDIRECT MKT PPC FIN HR ATTEN TRAIN
    • PRAPOSED POSITION OF DATABASE OBJECTSDIRMAT OPS_PROD INDIRECT MKT PPC FIN HR ATTEN TRAIN
    • Example• If we have 50 STD Objects and If we have 20 schema• 1000 Objects are Present in DatabaseINDIRECTLYSame 50 Objects Present in Same DATABASE 20 TIMES
    • WHAT IS THE SOLUTION ?Schema Schema A B DIRMAT INDIRECT MAKE Schema A LIKE Schema B USE Invoker-Rights
    • What is Invoker-Rights?• Invoker rights is a new model for resolving references to database elements in a PL/SQL program unit. From Oracle 8i onwards, we can decide if a program unit should run with the authority of the definer or of the invoker. This means that multiple schemas, accessing only those elements belonging to the invoker, can share the same piece of code.
    • Existing Method of Objects utilization DIRMAT INDIRECTDeclare Pkg_trans Declare Pkg_trans... ...Begin Begin Select… Select…End; End; Table OPS_PROD Table Declare Pkg_trans ... Begin Select… End; PPC MKT Table Declare Pkg_trans Declare Pkg_trans ... ... Begin Begin Select… Select… End; End; Table Table
    • Objects utilization with Invoker-RightsDIRECT INDIRECTPkg_trans Pkg_trans OPS_PROD Pkg_trans Table Table Declare ... Begin Select… End; PPC MKT Table Pkg_trans Pkg_trans Table Table
    • Exec sp_control User X User Y Sp_control Sp_control DIRMAT_CTL MKT_CTLDIRMAT MKT
    • Exec mkt.sp_control User X User Y Sp_control Sp_control DIRMAT_CTL MKT_CTLDIRMAT MKT
    • Exec sp_control User X User Y Sp_control DIRMAT_CTL MKT_CTLDIRMAT MKT
    • When you create a PL/SQL program unit, you can include an optional AUTHID clause.There are two forms of this clause:• AUTHID DEFINER• AUTHID CURRENT_USER AUTHID DEFINER is the default
    • WITH definer rights WITH invoker rightscreate or replace procedure P create or replace procedure P as AUTHID CURRENT_USERBegin as--------- Begin------- ---------end; ------- end;
    • Exec sp_control User X User Y User Z Sp_control DIRMAT_CTL PROD_CTL MKT_CTLDIRMAT OPS_PROD MKT
    • Existing Problem• If Changes done deploy to All Schema time consuming work• Chances of Missing to some schema results in Issues• More Objects More Maintenance• Accumulation of Un-necessary Objects end up in JUNK Objects• More Time for Backup and Recovery
    • Benefits• No Need of Deployment to Other schema in case of Changes• Changes only in one place, lot of time saved• Less Maintenance due to less Objects• Security as Only Authorized person have access• Fast Backup and Recovery due to Less Objects
    • Limitations• Not advised for big processing procedures as performance impact• Implementation always with core schema
    • StepsConn OPS_PROD/OPS_PRODcreate or replace procedure P AUTHID CURRENT_USER asBegin----------------end;grant execute on p to dirmatconn dirmat/dirmatexec ops_prod.p;grant execute on p to publiccreate public synonym sp_control for ops_prod.p;conn dirmat/dirmatexec sp_control;
    • Q&AThank you