Mamta Satoor wrote: > But that is not what we want for system routines (as per the > Grant/Revoke spec). The system routines should run with the permissions > of INVOKER and not DEFINER and hence above assumption,
I'm not sure the spec is correct here. I thought the spec was going to contain a table of all the system routines and their security aspects. Must easier to review with a definitive list and their actions. For example, it seems SYSCS_SET_DATABASE_PROPERTY and SYSCS_BACKUP_DATABASE would run as definer. Dan.
