ansaurus

Question

Oracle PL/SQL: Retrieve list of permissioned procedures for account

Answer 1

+1 A:

user_procedures is a system view that holds all the procedures owned by certain schema (user). Not the ones that the schema (user) is granted to execute.

You can try DBMS_METADATA.GET_GRANTED_DDL stored procedure. You might find something useful there. But I don't know what kind of privileges you need to run it within your application.

Hope it helps.

Pablo Santa Cruz 2010-02-12 17:43:02

Pablo: Thanks for the response. I ended up calling desc(ribe) on the package and got the output I was looking for. [Which is probably obvious to any of you guys familiar with Oracle!]

tk-421 2010-02-12 19:25:05

Answer 2

+1 A:

If the procedures are part of a package (i.e. you're calling them by PACKNAME.PROCNAME, then you have an all-or-nothing grant on the package, not individual procedures within the package.

dpbradley 2010-02-12 18:17:24

You're right, that's how the procedures are being called. I basically just want to ask Oracle: "What can this account do?"Is there any way to do that, or do I just know that I have permission to do whatever is contained within that package?[And again, this is because our support from the owning company is extremely limited. I want to help us help ourselves.]

tk-421 2010-02-12 18:48:57

dpbradley: Thanks for the help--I got things working as described above, but you confirmed what I was wondering about packages and permissions.

tk-421 2010-02-12 19:26:38

Answer 3

+3 A:

You can see which stand-alone procedure you can execute with this:

select ao.object_type, ao.owner ||'.'|| ao.object_name
from all_objects ao, user_tab_privs utp
where ao.object_type = 'PROCEDURE'
and utp.owner = ao.owner
and utp.table_name = ao.object_name
and utp.privilege = 'EXECUTE';

But if they are in a package you can't directly see the procedure names, AFAIK, but you can see which package you can execute with this:

select ao.object_type, ao.owner ||'.'|| ao.object_name
from all_objects ao, user_tab_privs utp
where ao.object_type = 'PACKAGE'
and utp.owner = ao.owner
and utp.table_name = ao.object_name
and utp.privilege = 'EXECUTE';

And then you can desc[ribe] the package to see the individual procedures and functions within it. I guess that is probably held somewhere in the data dictionary but don't knwo where off-hand...

Alex Poole 2010-02-12 18:18:28

Alex: Thanks, both work and the situation is as you've described. I ran 'desc' on the relevant package, spool'd the output to file and got exactly what I was looking for: a list of associated stored procs and their parameters. 'desc (package_name)' was the key.

tk-421 2010-02-12 19:23:00

I'm pretty sure Alex's answer is incomplete; for example, any procedures you've inherited the execute privilege wouldn't be included. Unless one has the SELECT ANY DICTIONARY privilege (and even not then, I suspect), SELECT OWNER, OBJECT_TYPE, OBJECT_NAME FROM ALL_OBJECTS WHERE OBJECT_TYPE IN ('PACKAGE', 'PROCEDURE', 'FUNCTION')The only grant I can think of that might apply to any of those object types are EXECUTE; SELECT, INSERT, UPDATE, DELETE, and REFERENCES don't make sense.

Adam Musch 2010-02-15 05:50:28

`ALL_OBJECTS` will include anything you can see; you may be able to desc packages you can't if you don't have `EXECUTE`, though I'm not sure exactly when that can happen. You're right though, it isn't seeing privs granted through roles (including `PUBLIC`); you can get those from all_tab_privs instead: select ao.object_type, ao.owner ||'.'|| ao.object_name from all_objects ao, all_tab_privs atp where ao.object_type in ('PACKAGE', PROCEDURE', 'FUNCTION') and atp.schema_name = ao.owner and atp.table_name = ao.object_name and atp.privilege = 'EXECUTE';

Alex Poole 2010-02-15 09:29:54

ansaurus

tags:

views:

answers:

Oracle PL/SQL: Retrieve list of permissioned procedures for account

related questions