Thanks for the question, venkatesh.
Asked: November 17, 2016 - 9:42 am UTC
Last updated: November 18, 2016 - 6:13 am UTC
Version: 12c
Viewed 1000+ times
You Asked
I have created one package(pk_data_updates) in schema A and assigned Execute permission to existing Role Role1(ROLE Role1 is password protected).
this Role (R1) is assigned to user venkat.
CREATE ROLE Role1 IDENTIFIED BY roc_super;
GRANT EXECUTE ON PK_DATA_UPDATES TO Role1
GRANT Role1 TO venkat;
ALTER USER "venkat" DEFAULT ROLE ALL EXCEPT C_SUPERUSER, CL_USER, WORKFLOW_READER;
when try to execute the package, i am getting following error :
PLS-00201: identifier PK_DATA_UPDATES must be declared
but the above package is working in previous version 11g.
and Connor said...
That change may also go back to 11.2.0.4 (I cant be sure), but it was to fix a potential security issue.
In earlier releases, if someone had (say)
roleA default
roleB default password-prot
roleC not default
then if you did:
set role roleA
then *all* default roles would be activated (including the password protected one).
That is obviously a security issue, because you accessed the protected role without ever providing the password.
That has been corrected.
Is this answer out of date? If it is, please let us know via a Comment