存储过程中动态SQL权限不足-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

存储过程中动态SQL权限不足

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 04:35 PM

sqlsysteminsufficientdynamicstoragePermissionsaccount

在System账号下执行以下存储过程出现权限不足错误 create ?procedure ?immediateSQL begin executive immediate grant select on ?scott.emp to ?infodata; end; begin immediateSQL; end; 但是直接在SQL Plus下直接执行以下语句没有任何问题 begin executiv

在System账号下执行以下存储过程出现权限不足错误

create ?procedure ?immediateSQL

begin

executive immediate ‘grant select on ?scott.emp to ?infodata’;

end;

begin

immediateSQL;

end;

但是直接在SQL Plus下直接执行以下语句没有任何问题

begin

executive immediate ‘grant select on ?scott.emp to ?infodata’;

end;

查阅资料发现存储过程分为两种，即DR(Definer’s Rights ) Procedure和IR(Invoker’s Rights ) Procedure。

如下定义执行后就没有问题

create ?procedure ?immediateSQL ?AUTHID CURRENT_USER

begin

executive immediate ‘grant select on ?scott.emp to ?infodata’;

end;

存储过程的名称解析环境存储过程的执行权限

这两个问题可以在定义存储过程时，通过指定AUTHID 属性，即定义DR Procedure 和IR Procedure来解决。

DR Procedure

1、定义

CREATE OR REPLACE procedure DEMO(ID in NUMBER) AUTHID DEFINER as

BEGIN

END;

2、名称解析环境为定义该存储过程的用户所在的Schema。

3、执行该存储过程时只有Public权限。

IR Procedure

1、定义

CREATE OR REPLACE procedure DEMO(ID in NUMBER) AUTHID CURRENT_USER as

BEGIN

END;

2、名称解析环境为调用该存储过程的用户所在的Schema。

3、执行该存储过程时拥有调用者的所有权限，即调用者的Role是有效的。

原文地址：存储过程中动态SQL权限不足, 感谢原作者分享。

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What Are the Limitations of Using Views in MySQL?May 14, 2025 am 12:10 AM

MySQLviewshavelimitations:1)Theydon'tsupportallSQLoperations,restrictingdatamanipulationthroughviewswithjoinsorsubqueries.2)Theycanimpactperformance,especiallywithcomplexqueriesorlargedatasets.3)Viewsdon'tstoredata,potentiallyleadingtooutdatedinforma

Securing Your MySQL Database: Adding Users and Granting PrivilegesMay 14, 2025 am 12:09 AM

ProperusermanagementinMySQLiscrucialforenhancingsecurityandensuringefficientdatabaseoperation.1)UseCREATEUSERtoaddusers,specifyingconnectionsourcewith@'localhost'or@'%'.2)GrantspecificprivilegeswithGRANT,usingleastprivilegeprincipletominimizerisks.3)

What Factors Influence the Number of Triggers I Can Use in MySQL?May 14, 2025 am 12:08 AM

MySQLdoesn'timposeahardlimitontriggers,butpracticalfactorsdeterminetheireffectiveuse:1)Serverconfigurationimpactstriggermanagement;2)Complextriggersincreasesystemload;3)Largertablesslowtriggerperformance;4)Highconcurrencycancausetriggercontention;5)M

MySQL: Is it safe to store BLOB?May 14, 2025 am 12:07 AM

Yes,it'ssafetostoreBLOBdatainMySQL,butconsiderthesefactors:1)StorageSpace:BLOBscanconsumesignificantspace,potentiallyincreasingcostsandslowingperformance.2)Performance:LargerrowsizesduetoBLOBsmayslowdownqueries.3)BackupandRecovery:Theseprocessescanbe

MySQL: Adding a user through a PHP web interfaceMay 14, 2025 am 12:04 AM

Adding MySQL users through the PHP web interface can use MySQLi extensions. The steps are as follows: 1. Connect to the MySQL database and use the MySQLi extension. 2. Create a user, use the CREATEUSER statement, and use the PASSWORD() function to encrypt the password. 3. Prevent SQL injection and use the mysqli_real_escape_string() function to process user input. 4. Assign permissions to new users and use the GRANT statement.

MySQL: BLOB and other no-sql storage, what are the differences?May 13, 2025 am 12:14 AM

MySQL'sBLOBissuitableforstoringbinarydatawithinarelationaldatabase,whileNoSQLoptionslikeMongoDB,Redis,andCassandraofferflexible,scalablesolutionsforunstructureddata.BLOBissimplerbutcanslowdownperformancewithlargedata;NoSQLprovidesbetterscalabilityand

MySQL Add User: Syntax, Options, and Security Best PracticesMay 13, 2025 am 12:12 AM

ToaddauserinMySQL,use:CREATEUSER'username'@'host'IDENTIFIEDBY'password';Here'showtodoitsecurely:1)Choosethehostcarefullytocontrolaccess.2)SetresourcelimitswithoptionslikeMAX_QUERIES_PER_HOUR.3)Usestrong,uniquepasswords.4)EnforceSSL/TLSconnectionswith

MySQL: How to avoid String Data Types common mistakes?May 13, 2025 am 12:09 AM

ToavoidcommonmistakeswithstringdatatypesinMySQL,understandstringtypenuances,choosetherighttype,andmanageencodingandcollationsettingseffectively.1)UseCHARforfixed-lengthstrings,VARCHARforvariable-length,andTEXT/BLOBforlargerdata.2)Setcorrectcharacters

See all articles