Sybase provides different security models for SQLJ stored procedures and SQLJ functions.
SQLJ functions and user-defined functions (UDFs) (see “Invoking Java methods in SQL”) use the same security model. Permission to execute any UDF or SQLJ function is granted implicitly to public. If the function performs SQL queries via JDBC, permission to access the data is checked against the invoker of the function. Thus, if user A invokes a function that accesses table t1, user A must have select permission on t1 or the query fails.
SQLJ stored procedures use the same security model as Transact-SQL stored procedures. The user must be granted explicit permission to execute a SQLJ or Transact-SQL stored procedure. If a SQLJ procedure performs SQL queries via JDBC, implicit permission grant support is applied. This security model allows the owner of the stored procedure, if the owner owns all SQL objects referenced by the procedure, to grant execute permission on the procedure to another user. The user who has execute permission can execute all SQL queries in the stored procedure, even if the user does not have permission to access those objects.
For a more detailed description of security for stored procedures, see the System Administration Guide.
