System Procedure Privileges

There are two security models under which privileged system procedures can run. Each model grants the ability to run the system procedure differently.

The first model, called the SYSTEM PROCEDURE DEFINER model, runs a privileged system procedure with the privileges of its owner, typically dbo. The second model, called the SYSTEM PROCEDURE INVOKER model, runs a privileged system procedure with the privileges of the person executing it.

To run a privileged system procedure using the SYSTEM PROCEDURE DEFINER model, grant explicit EXECUTE object-level privilege on the procedure. Any system privileges required to run any underlying authorized tasks of the system procedure are automatically inherited from the owner (definer of the system procedure).

For privileged system procedures using the SYSTEM PROCEDURE INVOKER model, the EXECUTE object-level privilege is granted to the PUBLIC role, and since, by default, every user is a member of the PUBLIC role, every user automatically inherits the EXECUTE object-level privilege. However, since the PUBLIC role is not the owner of the system procedures, and is not granted any system privileges, the system privileges required to run any underlying authorized tasks must be granted directly or indirectly to the user.

By default, a database created in versions 16.0 and later runs all privileged system procedures using the SYSTEM PROCEDURE INVOKER model. A database created in versions earlier than 16.0 and upgraded to versions 16.0 and later runs privileged system procedures using a combination of both the SYSTEM PROCEDURE DEFINER and SYSTEM PROCEDURE INVOKER models. In the combined model, all pre-16.0 privileged system procedures use the SYSTEM PROCEDURE DEFINER model, and any privileged system procedures introduced with 16.0 (or any future release) use the SYSTEM PROCEDURE INVOKER model. You can override the default security model when creating or upgrading a database, or any time thereafter. However, SAP recommends that you not do so, as it may result in loss of functionality on custom stored procedures and applications.

• Granting the Ability to Run a Privileged System Procedure
  The process by which you grant the ability to run a privileged system procedure is dependent on the security model under which it runs.
• Revoking the Ability to Run a Privileged System Procedure
  The process by which you revoke the ability to run a privileged system procedure is dependent on the security model under which it runs.
• Determining the Security Model Used by a Database
  There are two security models a database can use.
• Pre-16.0 Privileged System Procedures
  A list of pre-16.0 privileged system procedures.