Oracle8i
Java Stored Procedures Developer's Guide Release 2 (8.1.6) A81358-01
By default, Java stored procedures execute with the privileges of their invoker, not their definer. Invoker-rights procedures are not bound to a particular schema. Their unqualified references to schema objects (such as database tables) are resolved in the schema of the invoker, not the definer.
On the other hand, definer-rights procedures are bound to the schema in which they reside. They execute with the privileges of their definer, and their unqualified references to schema objects are resolved in the schema of the definer.
Invoker-rights procedures let you reuse code and centralize application logic. They are especially useful in applications that store data in different schemas. In such cases, multiple users can manage their own data using a single code base.
Consider a company that uses a definer-rights procedure to analyze sales. To provide local sales statistics, the procedure analyze must access sales tables that reside at each regional site. To do so, the procedure must also reside at each regional site. This causes a maintenance problem.
To solve the problem, the company installs an invoker-rights (IR) version of the procedure analyze at headquarters. Now, as Figure 2-2 shows, all regional sites can use the same procedure to query their own sales tables.
Occasionally, you might want to override the default invoker-rights behavior. Suppose headquarters would like the procedure analyze to calculate sales commissions and update a central payroll table. That presents a problem because invokers of analyze should not have direct access to the payroll table, which stores employee salaries and other sensitive data. As Figure 2-3 shows, the solution is to have procedure analyze call the definer-rights (DR) procedure calcComm, which, in turn, updates the payroll table.
To override the default invoker-rights behavior, specify the loadjava option -definer, which is similar to the UNIX facility setuid, except that -definer applies to individual classes, not whole programs.
Different definers can have different privileges, and applications can consist of many classes. So, use the option -definer carefully, making sure that classes have only the privileges they need.
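The analyze and calcComm scenario above can be traced with a small Python model. This is an example added here, not Oracle code and not how the server is implemented. The Database class, the EAST, WEST and HQ schema names, the grants and the 5% commission rate are all assumptions made for illustration.

```python
# Simplified IR/DR model; schema names, grants and the 5% rate are constructed.
class Database:
    def __init__(self, session_user):
        self.tables = {}     # (schema, table) -> rows
        self.procs = {}      # (schema, name) -> (function, definer_rights)
        self.grants = set()  # (grantee, schema, object)
        self.stack = [session_user]  # effective users; top is current

    def table(self, name, schema=None):
        """Unqualified names resolve in the current effective schema."""
        user = self.stack[-1]
        schema = schema or user
        if user != schema and (user, schema, name) not in self.grants:
            raise PermissionError(f"{user} has no privilege on {schema}.{name}")
        return self.tables[(schema, name)]

    def call(self, schema, name, *args):
        user = self.stack[-1]
        if user != schema and (user, schema, name) not in self.grants:
            raise PermissionError(f"{user} may not execute {schema}.{name}")
        func, definer_rights = self.procs[(schema, name)]
        # DR runs as the owning schema; IR keeps the caller's identity.
        self.stack.append(schema if definer_rights else user)
        try:
            return func(self, *args)
        finally:
            self.stack.pop()

def calc_comm(db, region, total):   # DR, owned by HQ
    db.table("payroll").append((region, total * 5 // 100))

def analyze(db):                    # IR, owned by HQ
    region, total = db.stack[-1], sum(db.table("sales"))
    db.call("HQ", "calcComm", region, total)
    return total

def build_demo(session_user):
    db = Database(session_user)
    db.tables = {("EAST", "sales"): [100, 200], ("WEST", "sales"): [50],
                 ("HQ", "payroll"): []}
    db.procs = {("HQ", "analyze"): (analyze, False),
                ("HQ", "calcComm"): (calc_comm, True)}
    # Model assumption: regions may execute both procedures, nothing else.
    db.grants = {(r, "HQ", p) for r in ("EAST", "WEST")
                 for p in ("analyze", "calcComm")}
    return db

if __name__ == "__main__":
    db = build_demo("EAST")
    print(db.call("HQ", "analyze"), db.tables[("HQ", "payroll")])
```

In the model, the regional user reaches payroll only through calcComm, so the definer-rights procedure is the one place where the definer's privileges have to be reviewed.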