PLSQL: Package stored procedure cannot call exe imediate statement

oracleoracle-11g-r2plsqlplsql-developer

I'm working with oracle 11g R2.

Issue:

I am unable to preform dynamic SQL in SchemaB package against SchemaA tables. SchemaB is being called by the owner of SchemaB.

Background:

I have a package/procedure that has the rights to preform a selection statement on another schema's table.

So I can call the below with no issues.

select * from SchemaA.TableA where blah

I need to be able to run this call from dynamic SQL, because the table from SchemaA could be any of 10. I created the below SQL. I get an error

ORA-01031: insufficient privilegeswhen I run the same statement but withexecute immediate

Code:

v_query varchar2(2000); 
v_query := 'select id, value1, value2 from SchemaA. ' || TableName || ' where id = ' || id;

execute immediate v_query ;

I know that the package does not get the user roles, so I even put the following code into the signature of my package AUTHID CURRENT_USER ; which changed nothing.

What other permissions do I need to set in order to do this?

OR if you have another solution for dynamic table selection, that would be great too.

Best Answer

You're doing something wrong. Test case follows...

Create schemaa and schemab:

SQL*Plus: Release 11.2.0.2.0 Production on Fri Oct 21 14:28:47 2016

Copyright (c) 1982, 2014, Oracle.  All rights reserved.

SQL> create user schemaa identified by "schemaa";
SP2-0640: Not connected
SQL> conn / as sysdba
Connected.
SQL> create user schemaa identified by "schemaa";

User created.

SQL> grant connect, resource to schemaa;

Grant succeeded.

SQL> create user schemab identified by schemab;

User created.

SQL> grant connect, resource to schemab;

Grant succeeded.

Login as schemaa, create two tables & grant select on the first to schemab, but don't grant anything on the 2nd table:

SQL> conn schemaa/schemaa;
Connected.

SQL> create table satable ( aaa integer ) ;

Table created.

SQL> insert into satable values ( 1 );

1 row created.

SQL> grant select on satable to schemab;

Grant succeeded.

SQL> create table satablenograntsforb( aaa integer ) ;

Table created.

Login as schemab, create the stored procedure & then test it with the table we have permission to select from:

SQL> conn schemab/schemab;
Connected.

SQL> CREATE OR REPLACE PROCEDURE schemabproc(TableName IN VARCHAR2)
  2  IS
  3  v_query varchar2(2000);
  4  BEGIN
  5
  6  v_query := 'select aaa from schemaa. ' || TableName ;
  7  execute immediate v_query ;
  8
  9  END;
 10  /

Procedure created.

SQL> exec schemabproc('satable');

PL/SQL procedure successfully completed.

SQL>

As you can see, it executed ok.

Let's try on the table we don't have permission on:

SQL> exec schemabproc('satablenograntsforb');
BEGIN schemabproc('satablenograntsforb'); END;

*
ERROR at line 1:
ORA-00942: table or view does not exist
ORA-06512: at "SCHEMAB.SCHEMABPROC", line 7
ORA-06512: at line 1

Let's grant and re-test:

SQL> conn schemaa/schemaa
Connected.

SQL> grant select on satablenograntsforb to schemab;

Grant succeeded.

Now we should be able to select from the 2nd table without error: 

SQL> conn schemab/schemab 

SQL> exec schemabproc('satablenograntsforb');

PL/SQL procedure successfully completed.

SQL>

Conclusion: There's something else happening. Note that the procedure above runs with AUTHID DEFINER, which is the default.

Related Question