Native Apps currently execute with owners rights. They can of course use explicitly granted object references (e.g. view ref or sproc ref) to access those objects. But granting such references individually can be onerous & limited if the user needs to access all views, tables, functions - including those created in future - in a given schema or DB in the app that they already have access to.
This feature will allow an appropriately privileged role in the consumer account to grant Restricted Callers Rights to an app. The restrictions are in the form of:
Specific operations; e.g. select
Specific object types; e.g. views or all objects
Specific containers; e.g. a schema, a DB
Note that RCR cannot be combined with owners rights. App must choose which one it wants to exercise for a given code path.
Native Apps currently execute with owners rights. They can of course use explicitly granted object references (e.g. view ref or sproc ref) to access those objects. But granting such references individually can be onerous & limited if the user needs to access all views, tables, functions - including those created in future - in a given schema or DB in the app that they already have access to.
This feature will allow an appropriately privileged role in the consumer account to grant Restricted Callers Rights to an app. The restrictions are in the form of:
Note that RCR cannot be combined with owners rights. App must choose which one it wants to exercise for a given code path.