In pre-16.0 databases, when you executed a system procedure that performed privileged operations, by default it executed with the privileges of the owner, typically dbo or SYS, and the SQL SECURITY clause in its definition was set to DEFINER (the owner).
In version 16.0, the SQL SECURITY clause for these system procedures is set to INVOKER by default. That is, the privileged operations will execute with the privileges of the invoker, instead of the definer.
Now, when you create or upgrade a database, you can specify whether system procedures that perform privileged operations will execute with the privileges of the owner or the invoker. The CREATE DATABASE statement, ALTER DATABASE UPGRADE statement, Initialization utility (dbinit), and the Upgrade utility (dbupgrad), have been enhanced to allow this choice.
For new databases, if nothing is specified, invoker is chosen for these system procedures. When upgrading, if nothing is specified, the default is whatever is already in place for the database being upgraded.
Discuss this page in DocCommentXchange.
|Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0|