Developers Toolbox – Coding
Should invoker rights be used?

Patrick Barel, AMIS, The Netherlands
Monday, June 25, 2012
ODTUG KScope 12
San Antonio, Texas, USA
Definer Rights vs Invoker Rights

• Prior to Oracle8i, whenever you executed a stored program, it ran under the privileges of the account in which the program was defined.
  This is called the … Definer Rights Model

• With Oracle8i, you can now decide at compilation time whether your program or package will execute in the definer's schema (the default) or the schema of the invoker of the code.
  This is called the … Invoker Rights Model
Definer Rights

(Diagram: two schemas, Patrick and Mitchell. Patrick owns the code and its relations; Mitchell invokes the code, and the code's references resolve to Patrick's relations.)

Invoker Rights

(Diagram: the same two schemas. Mitchell invokes Patrick's code, but now the code's references resolve to Mitchell's relations.)
Invoker Rights

• Allows you to centralize access to and control of underlying data structures.
• Uses roles and doesn't rely on directly-granted privileges.
• But it can be a source of confusion and architectural problems.

Note: Oracle built-in packages have long had the capability of running under the invoker's authority.
What's wrong with Definer Rights

• Deployment & maintenance
  - Must install module in all schemas where needed
  - In some databases, each user has own copy of table(s), requiring copy of stored module
• Security
  - No declarative way to restrict privileges on certain modules in a package -- it's all or nothing, unless you write code in the package to essentially recreate roles programmatically.
  - Difficult to audit privileges

• Sure would be nice to have a choice...and now you do!
Invoker Rights

• For top level modules:

  CREATE [ OR REPLACE ] <module type>
     [ AUTHID { DEFINER | CURRENT_USER } ]
  AS ...

• For modules with separate spec and body, AUTHID goes only in spec, and must be at the package level.
• Holds true for packages and object types.
Overview of Definer Rights

(Diagram: an anonymous block "begin x.foo; end;" calls package x (authid definer); x calls packages y and z (both authid definer). An Emp table is drawn beneath each package: with definer rights every package resolves Emp in its definer's schema.)

Overview of Invoker Rights

(Diagram: the same call chain, now with package x authid current_user, package y authid definer and package z authid current_user. Emp is drawn beneath each package; references in x and z resolve in the invoker's schema, those in y still in y's definer's schema.)

Overview of Invoker Rights

(Diagram: two anonymous blocks "begin x.foo; end;" from two different schemas, each with its own Emp, call the same package x (authid current_user); x calls package y (authid definer) and package z (authid current_user). Each caller's references resolve to its own Emp.)
Mock objects

To compile code you still need the structure of the objects.

Mock objects

(Diagram: two callers run "begin x.foo; end;" against package x (authid current_user). Caller A's table holds rows A.val1 … A.val16 and caller B's table holds B.val1 … B.val16, both with columns Col1 … Col4; the code schema holds only an empty mock table with the same columns Col1 … Col4.)
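As an added worked example (not from the slides), the setup the diagrams in slides 8 to 13 describe: a central code schema APP holding an invoker-rights package X and a definer-rights twin Y, a mock EMP in APP so that X compiles, and two user schemas USER1 and USER2 that each own a real EMP. The schema names, the role APP_USER, the EMP layout, the passwords and the USERS tablespace are all assumptions made for this example; run it as a DBA in a throwaway database.

```sql
-- Constructed example: schemas APP, USER1, USER2 and role APP_USER are not
-- from the slides. Run as a DBA in a test database; assumes a USERS tablespace.
CREATE USER app   IDENTIFIED BY "Change_me_1" QUOTA UNLIMITED ON users;
CREATE USER user1 IDENTIFIED BY "Change_me_1" QUOTA UNLIMITED ON users;
CREATE USER user2 IDENTIFIED BY "Change_me_1" QUOTA UNLIMITED ON users;
GRANT CREATE SESSION, CREATE TABLE, CREATE PROCEDURE TO app;
GRANT CREATE SESSION, CREATE TABLE TO user1, user2;

-- Each user owns a real EMP. APP owns only a mock with the same structure:
-- the compiler resolves names in the owner's schema (compile time is
-- definer rights), so without the mock the package below would not compile.
CREATE TABLE app.emp   (empno NUMBER, ename VARCHAR2(30), sal NUMBER);
CREATE TABLE user1.emp (empno NUMBER, ename VARCHAR2(30), sal NUMBER);
CREATE TABLE user2.emp (empno NUMBER, ename VARCHAR2(30), sal NUMBER);
INSERT INTO user1.emp VALUES (1, 'ALICE', 1000);
INSERT INTO user2.emp VALUES (2, 'BOB',   2000);
INSERT INTO user2.emp VALUES (3, 'CAROL', 3000);
COMMIT;

-- Invoker-rights package: EMP is left unqualified on purpose. At run time it
-- resolves in the schema of the CURRENT_USER, so every caller works on its
-- own table and the mock APP.EMP is never read.
CREATE OR REPLACE PACKAGE app.x AUTHID CURRENT_USER AS
  FUNCTION whoami    RETURN VARCHAR2;
  FUNCTION emp_count RETURN NUMBER;
  PROCEDURE foo;
END x;
/
CREATE OR REPLACE PACKAGE BODY app.x AS
  FUNCTION whoami RETURN VARCHAR2 IS
  BEGIN
    -- Inside an invoker-rights unit CURRENT_USER is the caller.
    RETURN SYS_CONTEXT('USERENV', 'CURRENT_USER');
  END whoami;

  FUNCTION emp_count RETURN NUMBER IS
    l_cnt NUMBER;
  BEGIN
    SELECT COUNT(*) INTO l_cnt FROM emp;
    RETURN l_cnt;
  END emp_count;

  PROCEDURE foo IS
  BEGIN
    DBMS_OUTPUT.PUT_LINE(whoami || ' sees ' || emp_count || ' EMP row(s)');
  END foo;
END x;
/

-- Definer-rights twin: same body, but AUTHID DEFINER (the default) pins EMP
-- to APP.EMP and CURRENT_USER to APP, whoever calls it.
CREATE OR REPLACE PACKAGE app.y AUTHID DEFINER AS
  FUNCTION whoami    RETURN VARCHAR2;
  FUNCTION emp_count RETURN NUMBER;
END y;
/
CREATE OR REPLACE PACKAGE BODY app.y AS
  FUNCTION whoami RETURN VARCHAR2 IS
  BEGIN
    RETURN SYS_CONTEXT('USERENV', 'CURRENT_USER');
  END whoami;

  FUNCTION emp_count RETURN NUMBER IS
    l_cnt NUMBER;
  BEGIN
    SELECT COUNT(*) INTO l_cnt FROM emp;
    RETURN l_cnt;
  END emp_count;
END y;
/

-- Privileges used inside an invoker-rights unit are checked against the
-- caller, roles included, so EXECUTE is handed out through a role here.
CREATE ROLE app_user;
GRANT EXECUTE ON app.x TO app_user;
GRANT EXECUTE ON app.y TO app_user;
GRANT app_user TO user1, user2;

-- Then, connected as USER1 (and again as USER2):
SET SERVEROUTPUT ON
BEGIN
  app.x.foo;
  DBMS_OUTPUT.PUT_LINE(app.y.whoami || ' sees ' || app.y.emp_count || ' EMP row(s)');
END;
/
```

Connected as USER1, X reports USER1 and the single row of USER1.EMP, and as USER2 it reports USER2 and two rows; Y reports APP and zero rows in both sessions, because the only EMP it can ever see is the empty mock. One caveat the slides predate: an invoker-rights unit runs with the caller's privileges, so a highly privileged caller executing invoker-rights code owned by a less trusted schema lends that schema its privileges; from Oracle 12c the INHERIT PRIVILEGES privilege controls which unit owners may do that.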
Definer Rights

• Use a single codebase for multiple users
• (a bit of) Protection from SQL Injection
Single codebase

(Diagram: User1 and User2 both call into App; App holds the mock objects.)

Single codebase

(Diagram: User1 and User2 both call into App; App holds the code.)

Single codebase

(Diagram: User1 and User2 both call into App.)
Single codebase
Application code in a central schema (with mock objects)

(Diagram: User1 and User2 both call into App.)

Single codebase
Each user has its own set of tables, views and sequences

(Diagram: User1 and User2 both call into App, each from its own schema.)

Single codebase
Columns can be different in each schema

(Diagram: User1 and User2 both call into App, each with its own table layout.)
Advantages

• One time development
• Specific code in user schema
• (partial) Protection from SQL Injection

Drawbacks

• Debugging can be hard
• Support can be hard
SQL Injection

• Dynamic SQL
  - Modification (drop) of objects
    You cannot drop what is not there
  - Modification of records
    Will only affect current user's data

• You should always use binding instead of concatenating in Dynamic SQL Statements
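An added example (not from the slides) of the last bullet, written in the same invoker-rights style as the rest of the deck: EMP_API holds a concatenating function, its bound replacement, and the case the bullet does not cover, a dynamic object name, where a bind variable is impossible and DBMS_ASSERT is the check. The schema APP, the package name and an EMP table with columns EMPNO, ENAME and SAL are assumptions for this example.

```sql
-- Constructed example: schema APP and package EMP_API are not from the slides.
-- Dynamic SQL is not resolved at compile time, so no mock EMP is needed for
-- this package to compile; the caller must own (or be able to read) an EMP
-- at run time, because AUTHID CURRENT_USER resolves it in the caller's schema.
CREATE OR REPLACE PACKAGE app.emp_api AUTHID CURRENT_USER AS
  -- Vulnerable: the caller-supplied value is spliced into the statement text.
  FUNCTION salary_concat (p_ename IN VARCHAR2) RETURN NUMBER;
  -- Hardened: the same query, the value travels as a bind variable.
  FUNCTION salary_bound  (p_ename IN VARCHAR2) RETURN NUMBER;
  -- Identifier input: cannot be bound, so it is validated instead.
  FUNCTION row_count     (p_table IN VARCHAR2) RETURN NUMBER;
END emp_api;
/
CREATE OR REPLACE PACKAGE BODY app.emp_api AS
  FUNCTION salary_concat (p_ename IN VARCHAR2) RETURN NUMBER IS
    l_sal NUMBER;
  BEGIN
    -- A quote character in p_ename ends the literal and the remainder of the
    -- input is parsed as SQL. Because this unit is AUTHID CURRENT_USER, such
    -- SQL runs with the caller's own privileges and against the caller's own
    -- objects, never APP's: a smaller blast radius, but still a defect.
    EXECUTE IMMEDIATE
      'SELECT sal FROM emp WHERE ename = ''' || p_ename || ''''
      INTO l_sal;
    RETURN l_sal;
  END salary_concat;

  FUNCTION salary_bound (p_ename IN VARCHAR2) RETURN NUMBER IS
    l_sal NUMBER;
  BEGIN
    -- The statement text is constant; the value is passed separately and
    -- cannot change the shape of the query, whatever characters it contains.
    EXECUTE IMMEDIATE 'SELECT sal FROM emp WHERE ename = :1'
      INTO l_sal
      USING p_ename;
    RETURN l_sal;
  END salary_bound;

  FUNCTION row_count (p_table IN VARCHAR2) RETURN NUMBER IS
    l_cnt NUMBER;
  BEGIN
    -- A table name cannot be a bind variable. DBMS_ASSERT.SIMPLE_SQL_NAME
    -- accepts only a well-formed identifier and raises ORA-44003 for
    -- anything else, so the concatenation below can only ever be a name.
    EXECUTE IMMEDIATE
      'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
      INTO l_cnt;
    RETURN l_cnt;
  END row_count;
END emp_api;
/

-- Connected as a user that owns an EMP(empno, ename, sal) and has EXECUTE on
-- the package:
SET SERVEROUTPUT ON
BEGIN
  DBMS_OUTPUT.PUT_LINE(app.emp_api.salary_bound('ALICE'));
  DBMS_OUTPUT.PUT_LINE(app.emp_api.row_count('EMP'));
END;
/
```

The slide's "you cannot drop what is not there" is visible in salary_concat: with invoker rights an injected statement sees only the caller's schema, so the central code schema's objects are out of reach and only the caller's own data is exposed. That shrinks the damage; binding (salary_bound) and identifier validation (row_count) remove the problem rather than shrink it.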
Rules and Restrictions

AUTHID DEFINER: Definer Rights Model
• Uses directly granted privileges
• Default, so no need to change current code

AUTHID CURRENT_USER: Invoker Rights Model
• Uses ROLEs
• On entire objects
• Need for 'mock' objects (at compile time it's Definer Rights)
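Slide 7 lists "difficult to audit privileges" against definer rights, and slide 25 sums up which model relies on what. An added check, not from the slides, that a DBA can run to see which rights model every stored unit uses and which definer-rights units are executable by PUBLIC; those run with their owner's privileges for any session in the database, which is exactly the combination to review first. It reads only the DBA_PROCEDURES and DBA_TAB_PRIVS dictionary views; the list of excluded owners is an assumption to tune for the installation.

```sql
-- Added audit query; run as a DBA. DBA_PROCEDURES returns a row for the unit
-- and one per subprogram, all carrying the unit-level AUTHID, hence DISTINCT.
SELECT DISTINCT
       p.owner,
       p.object_name,
       p.object_type,
       p.authid,                          -- DEFINER or CURRENT_USER
       CASE
         WHEN p.authid = 'DEFINER' AND t.grantee IS NOT NULL
         THEN 'runs as ' || p.owner || ', EXECUTE granted to PUBLIC'
       END AS exposure
  FROM dba_procedures p
  LEFT JOIN dba_tab_privs t
         ON t.owner      = p.owner
        AND t.table_name = p.object_name
        AND t.privilege  = 'EXECUTE'
        AND t.grantee    = 'PUBLIC'
 WHERE p.object_type IN ('PACKAGE', 'PROCEDURE', 'FUNCTION', 'TYPE')
   AND p.owner NOT IN ('SYS', 'SYSTEM')   -- assumption: extend with the Oracle-maintained schemas you exclude
 ORDER BY p.authid, p.owner, p.object_name;
```

Rows with a non-empty EXPOSURE column are definer-rights units that any user can call; for each one, the privileges of the owner are what every caller effectively gets, so the owner's directly granted privileges (not its roles, which are disabled inside definer-rights code) are what to review. Invoker-rights units appear with CURRENT_USER and no exposure value, since they add no privileges beyond the caller's own.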
AMIS definer invoker rights