Program Security
Which users can execute an SPL program, and which database objects a user can access while executing it, are determined by the following factors.
The permissions used to execute the program.
The permissions that have been granted on the database objects (including SPL applications) that an application needs to access.
Whether the application is defined with definer or invoker privileges.
These are discussed below.
EXECUTE Permissions
An SPL application (a function, procedure, or package) can begin execution only if at least one of the following conditions is true.
The user currently invoking the SPL application is a superuser.
The user currently calling the SPL application has been granted the EXECUTE privilege on the SPL application.
The user currently calling the SPL program has inherited the privilege by becoming a member of the group that has the privilege to execute the SPL program.
The EXECUTE privilege has been granted to the PUBLIC group.
When an SPL program is created in AntDB, the EXECUTE privilege is automatically granted to the PUBLIC group by default, so any user can execute the program immediately.
This default permission can be withdrawn by running the REVOKE EXECUTE command. See the REVOKE command for more detailed information. The following is an example of this command.
REVOKE EXECUTE ON PROCEDURE list_emp FROM PUBLIC;
We can explicitly grant EXECUTE privileges on an SPL program to a specified user or group.
GRANT EXECUTE ON PROCEDURE list_emp TO john;
Now, user john can execute the list_emp program, but those who do not meet the conditions listed at the beginning of this section cannot execute the program.
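The following is an added example, not taken from the AntDB documentation, showing how to verify the result of the REVOKE and GRANT above and how to audit for programs that PUBLIC can still execute. It assumes that AntDB exposes the PostgreSQL system catalogs and privilege-inquiry functions, that list_emp takes no arguments, and it uses a hypothetical owner role named app_owner.

```sql
-- Assumptions: PostgreSQL catalogs and privilege functions are available
-- in AntDB, list_emp takes no arguments, app_owner is a hypothetical role.

-- 1. Lock down the example procedure and grant it to a single user.
--    Doing both in one transaction avoids a state where nobody can run it.
BEGIN;
REVOKE EXECUTE ON PROCEDURE list_emp FROM PUBLIC;
GRANT EXECUTE ON PROCEDURE list_emp TO john;
COMMIT;

-- 2. Check the effective privilege. has_function_privilege also takes
--    superuser status and inherited group membership into account, so it
--    covers all four conditions listed at the start of this section.
--    The name 'public' refers to the PUBLIC group.
SELECT has_function_privilege('john',   'list_emp()', 'EXECUTE') AS john_can_execute,
       has_function_privilege('public', 'list_emp()', 'EXECUTE') AS public_can_execute;

-- 3. Audit: list every user-defined program that PUBLIC can still execute,
--    that is, programs still carrying the default grant.
SELECT n.nspname                                 AS schema_name,
       p.proname                                 AS program_name,
       pg_get_function_identity_arguments(p.oid) AS arguments,
       pg_get_userbyid(p.proowner)               AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_function_privilege('public', p.oid, 'EXECUTE')
ORDER BY schema_name, program_name;

-- 4. Remove the default grant for programs that app_owner creates from now
--    on. Existing programs are not affected and still need step 1.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
```

Running the audit query in step 3 after each deployment shows any newly created program that was left executable by every user.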
Once the program has started executing, a permission check is performed whenever it attempts any of the following operations on a database object.
Read or modify data from a table or view.
Create, modify or delete database objects such as tables, views, indexes or sequences, etc.
Get the current or next value from a sequence.
Call another program (function, procedure or package).
Each of these operations can be controlled by restricting the permissions on the database objects involved.
It is important to note that a database may have several objects with the same name and type, which belong to different schemas in the database. In this case, which object will be referenced by the SPL application? This is what will be discussed in the next section.