Anyone can create a plan, but creating a plan that uses the binder's privileges instead of the executor's requires the CHECKWHO=BINDER plan option, and to use that option you need the system-level CHECKBINDER privilege.
The following diagram shows how the CHECKBINDER privilege is granted and revoked in plan security.
►►─ GRANT ─ CHECKBINDER ─ TO ─ accessor-id ─┬─────────────────────┬───────────►◄
                                            └─ WITH GRANT OPTION ─┘

►►─ REVOKE ─ CHECKBINDER ─ FROM ─ accessor-id ─┬───────────┬──────────────────►◄
                                               └─ CASCADE ─┘
To grant the CHECKBINDER privilege, the grantor must hold the privilege WITH GRANT OPTION or be a Global Owner. To revoke the CHECKBINDER privilege, you must have granted it to the revokee or be a Global Owner. For more information about Global Owners, see Global Ownership.
Copyright © 2014 CA.
All rights reserved.