With Oracle8
i, the concept of invoker's rights was introduced.
As the name implies, invoker's rights allow a stored procedure to be executed with the current rights allocated to the user who is calling, or invoking, the stored procedure.
This makes privileges
late-bound[1], where they are assigned at runtime, rather than
early-bound[2], where they are assigned when a stored procedure is created or modified.
Because invoker's rights apply to the current set of privileges of the calling user, you can use roles with stored procedures compiled with invoker's rights specified. Privileges allowed by roles can also be used for the stored procedure.
For more information on invoker's rights, please refer to the documentation for Oracle13c.
All of these privileges can be handled with two simple SQL commands. The GRANT command gives a particular privilege to a user or role, while the REVOKE command takes away a specific privilege. You can use GRANT and REVOKE to modify the privileges for an
individual or a role. You can also grant the ability to re-grant privileges to others. You can use either of these commands with the keyword PUBLIC to issue or revoke a privilege for all database users.
Another security privilege, EXECUTE, allows users to run a PL/SQL procedure or function. By default, the PL/SQL routine runs with the security privileges of the user
who compiled the routine. Alternately, you can specify that a PL/SQL routine run with what is termed invoker’s rights, which means that the routine is run with the security privileges of the user who is invoking the routine.