|Oracle® Database Security Guide
10g Release 1 (10.1)
Part Number B10773-01
Database roles that are granted to application users and that are secured by embedding passwords inside the application. See also secure application roles
Definer's rights procedures execute with the privileges of their owner, not their current user. Such definer's rights sub-programs are bound to the schema in which they reside. For example, assume that user
blake and user
scott each have a table called
dept in their respective user schemas. If user
blake calls a definer's rights procedure, which is owned by user
scott, to update the
dept table, then this procedure will update the
dept table in the
scott schema because this procedure executes with the privileges of the user who owns (defined) the procedure.
A special Kerberos ticket that can be forwarded to proxies permits the proxy to obtain additional Kerberos tickets on behalf of the client for proxy authentication. See also Kerberos ticket
Invoker's rights procedures execute with the privileges of the current user, that is, the user who invokes the procedure. Such procedures are not bound to a particular schema. They can be run by a variety of users and allow multiple users to manage their own data by using centralized application logic. Invoker's rights procedures are created with the
AUTHID clause in the declaration section of the procedure code.
A temporary set of electronic credentials that verify the identity of a client for a particular service. Also referred to as a service ticket.
(KDC) A machine that issues Kerberos tickets. See also Kerberos ticket
Like an application roles, a secure application role is a database role that is granted to application users, but it is secured by using an Invoker's Right stored procedure to retrieve the role password from a database table. A secure application role password is not embedded in the application. See also application roles
See Kerberos ticket