Skip to Content

Definer and Invoker rights in HANA

Hi All,

I am creating a repository stored procedure in schema SCHEMA_A ,in which i am selecting data from SCHEMA_A. The procedure is created with definer rights.

Since it is a repository procedure definer will be SYS_REPO.

So,I have given the SELECT and EXECUTE privilege on SCHEMA_A to user _SYS_REPO.

Now,When another user (USER_X) is trying to call the procedure who does not have SELECT and EXECUTE access on SCHEMA_A ,He is not able to run the procedure.

As per my understanding, since procedure is created with definer mode and SYS_REPO have SELECT and EXECUTE privilege on schema SCHEMA_A, USER_X should be able to execute procedure even if he doesn't have SELECT and EXECUTE access on SCHEMA_A

But I see that USER_X is unable to execute this procedure. He gets authorization error.

Please provide your inputs on how definer rights work for procedure.

Regards,

Anuj Kumar

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Best Answer
    Feb 11 at 03:34 PM

    Your user USER_X still needs the privileges to execute the procedure. All things done within the procedure are then validated against _SYS_REPO. That means the Invoker/Definer settiing just influences the authority checks within the procedure, but not the procedure call itself.

    Add comment
    10|10000 characters needed characters exceeded