Security considerations

When you define a stored procedure, you can specify whether the IBM® Netezza® system executes the procedure by using the ID of the owner who created the stored procedure or the ID of the user who runs the procedure. The user account adds an additional layer of security (or expanded access) for the data that is processed by the stored procedure.

For example, if the admin user creates a stored procedure and specifies “execute as owner” permission, which is the default, then any user who is allowed to execute the procedure will do so as the admin user. With the admin user privileges, the procedure could access data in tables or views that the logged-in database user might not have permission to access. If the user bsmith creates the stored procedure, then users who can execute the procedure will do so as the user bsmith.

If a procedure should access only the data that the executing user is allowed to see, define the stored procedure as “execute as caller.” In this case, the procedure uses the user ID of the database user who executes the procedure. The procedure can access only the data that the calling user is permitted to see.