Oracle Database 12c: Advanced Administration — Question 166

In your multitenant container database (CDB) that contains pluggable databases (PDBs), the hr user executes the following commands to create and grant privileges on a procedure:
CREATEORREPLACEPROCEDUREcreate_test_v(v_emp_idNUMBER,v_enameVARCHAR2, v_SALARYNUMBER,v_dept_idNUMBER)

BEGIN -
INSERT INTO hr.test VALUES (v_emp_id, v_ename, v salary, v_dept_id);
END;
/
GRANT EXECUTE ON CREATE_TEST TO John, jim, smith, king;
How can you prevent users having the execute privilege on the create_test_v procedure from inserting values into tables on which they do not have any privileges?

Answer options

• A. Create the create_test procedure with definer's rights.
• B. Grant the execute privilege to users with grant option on the create_test procedure.
• C. Create the create_test procedure with invoker's rights.
• D. Create the create_test procedure as part of a package and grant users the execute privilege on the package.

Correct answer: C

Explanation

Creating the procedure with invoker's rights ensures that the procedure executes with the privileges of the user calling it, rather than the user who defined it. This means that users will only be able to access tables they have privileges for, thus preventing unauthorized inserts. The other options would either grant excessive privileges or not address the issue of privilege scope properly.