分享一下我老師大神的人工智慧教程！零基礎，通俗易懂！http://blog.csdn.net/jiangjunshow

也歡迎大家轉載本篇文章。分享知識，造福人民，實現我們中華民族偉大復興！

               

183. The HR user creates a stand-alone procedure as follows and grants the EXECUTE privilege on the 

procedure to many database users: 

CREATE OR REPLACE PROCEDURE create_dept ( v_deptno NUMBER, v_dname VARCHAR2, v_mgr NUMBER, v_loc NUMBER) 

BEGIN 

INSERT INTO hr.departments VALUES (v_deptno, v_dname, v_mgr, v_loc);

END; 

The users having permission to execute the procedure are able to insert records into the DEPARTMENTS

table even though they do not have the INSERT privilege on the table. You want only those users who

have privileges on the DEPARTMENTS table to be able to execute the procedure successfully.

What would you suggest to the PL/SQL developers to achieve this? 

A.Create the procedure with definer's right.

B.Create the procedure with invoker's right.

C.Grant the EXECUTE privilege with GRANT OPTION on the procedure to selected users. 

D.Create the procedure as part of a PL/SQL package and grant the EXECUTE privilege on the package

to selected users.

Answer: B  

答案解析：

參考：http://blog.csdn.net/rlhua/article/details/12652569

使用者有執行procedure 的許可權以至於能夠把記錄插入到DEPARTMENTS，即使這些使用者沒有插入DEPARTMENTS表的許可權。

你只想只有能夠插入DEPARTMENTS表的資料的那些使用者執行procedure 成功。

有什麼建議來實現？

PL/SQL  還提供的資料保護功能。 呼叫方不必知道要讀取或處理的資料結構便可進行呼叫。 另外，呼叫方不必具有訪問這些物件的許可權，只需要具有執行PL/SQL  程式的許可權就足夠了。 可以選擇使用另一種模式的許可權來呼叫PL/SQL，這種情況下， 呼叫方必須有權執行 呼叫程式執行期間執行的每個語句。

           

給我老師的人工智慧教程打call！http://blog.csdn.net/jiangjunshow