I am writing a PL/SQL program (a single anonymous
block) that performs a query input by the user at
run-time. I want to allow the user to read any
table or view in the database, and call any stored
functions they might use. However, I am worried
that a user, either through carelessness or malice,
might try to write in the database, which I want
to disallow (and record any attempt in a log).

I've never done anything like this before.

I know about EXECUTE IMMEDIATE and DBMS_SQL. Can I
restrict access to read-only by either of these two
methods? Is there some other technique I might use?
What words can I use to search this newsgroup in
Google Groups? What else do I need to be aware of?

Many thanks,

Phil

<pbewig (AT) swbell (DOT) net> a écrit dans le message de
news:1102956332.207637.85010 (AT) c13g2000cwb (DOT) googlegroups.com...
Grant select any table, execute any procedure to user;

....and search for a new job!

You are not doing what you want in a correct way.
Just let him select the table he needs and execute the function he needs,
why don't you want to pack that in a procedure?

Regards
Michel Cadot

"Michel Cadot" <micadot{at}altern{dot}org> a écrit dans le message de
news:41bdcc9e$0$11241$626a14ce (AT) news (DOT) free.fr...
Sorry, my last question is "why _do_ you want to pack that in a procedure?"
and not the opposite.

Regards
Michel Cadot

pbewig (AT) swbell (DOT) net wrote:

Re-examine the requirement and what you are proposing.
If you just want to become unemployed a letter of resignation
is a far more straight-forward approach.

Your posting would seem to indicate that you want to put
a bunch of loaded guns into the hands of a bunch of school
children and hope none of them pull the trigger.
--
Daniel A. Morgan
University of Washington
damorgan@x.washington.edu
(replace 'x' with 'u' to respond)