在编写PLsql程序时,对于授权的考虑很重要。OraclePLsql中提供两种授权选择:
--AUTHID DEFINER (定义者权限):指编译存储对象的所有者。也是默认权限模式。
--AUTHID CURRENT_USER(调用者权限):指拥有当前会话权限的模式,这可能和当前登录用户相同或不同(alter session set current_schema 可以改变调用者Schema)
来看下官方的解释:
By default,stored procedures and sql methods execute with the privileges of their owner,not their current user. Suchdefiner's rights subprograms are bound to the schema in which they reside,allowing you to refer to objects in the same schema without qualifying their names. For example,if schemasHRandOEboth have a table calleddepartments,a procedure owned byHRcan refer todepartmentsrather thanHR.departments. If userOEcallsHR's procedure,the procedure still accesses thedepartmentstable owned byHR.
A more maintainable way is to use theAUTHIDclause,which makes stored procedures and sql methods execute with the privileges and schema context of the calling user. You can create one instance of the procedure,and many users can call it to access their own data.
默认情况,程序以其拥有者身份(定义者)执行。定义者权限的程序与其所在模式绑定,调用对象不需要加上模式完整名称。例如,假如模式HR和OE都有deparments表,HR拥有的程序可直接调用departments而不用HR.departments.而如果OE调用HR的程序,程序仍然调用的是HR的departments.
如果希望不同模式(schema)调用相同的程序却可以操作各自拥有的对象,就可以在定义程序的时候加上AUTHID CURRENT_USER。
下面举例说明2中授权机制:
---------------------------------------------------------------
查看一下sys模式下user_tables表记录数:
创建2个对比函数:
get_count is default auth mode. When another user calls this function it will use SYS's user_tables
get_count2 is CURRENT_USER auth mode. When another user calls this function it will use its user_tables
下面进行授权操作:
结果一目了然。
定义者权限模式确保我们能控制对集中式DML操作。
而调用者权限模式则确保我们能控制对分布式数据的DML操作。
详细信息请参考资料:点击打开链接http://download.csdn.NET/detail/indexman/6642375
-----------------------------------
Dylan presents.
原文链接:https://www.f2er.com/oracle/210365.html