Permissions on Objects in Procedures Checked at Run-time

Users can create procedural objects (procedures, views, etc.) that name objects which they normally do not have access to, although they are not allowed to execute the procedure or use the view.Previously, attempts to create the procedural object would fail when the create command was run. Now, the create command succeeds, but attempts to use the object fail.

For example, the following command to create a procedure succeeds, even though the user issuing the command does not have permission on mary.sales_prospects:

create proc steal_leads 
select * from mary.sales_prospects 

However, this user cannot execute the procedure; the attempt to execute returns a permissions error.