Aug 22, 2008

pl/sql and roles

permissions granted through roles will fail when accessed through packages. See the note and link below, but these permissions fail because roles are turned off during compilation due to performance and security reasons.

Oracle requires that permissions to non-owned objects in a stored procedure be granted directly to the user. Roles are temporarily turned off during compilation, and the user has no access to anything granted through them. This is done for performance and security reasons. Roles can be dynamically activated and deactivated via the SET ROLE command, and it would be a large overhead for Oracle to constantly check which roles and permissions are currently active.

http://articles.techrepublic.com.com/5100-10878_11-6183799.html