The following guidelines apply to stored procedure security:

• To create a stored procedure, a user must have RESOURCE or DBA privileges.
• The DBA privilege entitles a user to execute any stored procedure.
• The DBA privilege entitles a user to drop any stored procedure.
• The owner of a stored procedure is given EXECUTE privilege on that procedure at creation time, by default.
• The privileges on a procedure can be granted to another user or to public either by the owner of that procedure or by the DBA.
• Stored procedures are executed with the definer's rights, not the invoker's. In other words, when a procedure is being executed on behalf of a user with EXECUTE privilege on that procedure, for the objects that are accessed by the procedure, the procedure owner's privileges are checked and not the user's. This enables a user to execute a procedure successfully even when the user does not have the privileges to directly access the objects that are accessed by the procedure, as long as the user has EXECUTE privilege on the procedure.