Use Procedures to Provide Tailored Security

Procedures restrict the actions a user may take.

A user may have EXECUTE privilege on a procedure without having any privileges on the table or tables on which the procedure acts.

By default, procedures execute with the privileges of the procedure owner. For a procedure that updates a table, if the procedure owner has UPDATE privileges on the table, the user can execute the procedure. The owner of the procedure can restrict the procedure to execute with the privileges of the user executing the procedure by specifying SQL SECURITY INVOKER to a CREATE/ALTER PROCEDURE statement.

• Setting Up Task-Based Security Restrictions
  Disallow all access to the underlying tables, and grant privileges to users or roles to execute certain stored procedures. This approach strictly defines how to control database modifications.
• Granting Users the Privilege to Run Related Stored Procedures
  Grant users the system privilege required to run stored procedures. Since most privileges are inherited through role membership, users can inherit the system privilege and the execute privileges for IQ procedures from a role.