I am creating new packages which will be used by some plans. Should i need to GRANT permissions (BIND, EXECUTE, COPY) on these packages?
1.What's the syntax for the same. A sample GRANT statement will be very helpful.
2.Then why we dont use RETAIN option in ACTION(REPLACE) while binding a package as RETAIN is used to retain the existing authority permissions?
Does that mean that any plans including these packages will be able to execute them.
No you dont need to do so, what you need is when you create the collection id you need to grant execute access using
GRANT EXECUTE ON PACKAGE XYZ.* TO definer/user;
So by default when you include a new package it has the EXECUTE permission as long as the collection id is the same.
ex. BIND PACKAGE(XYZ) MEMBER(ABC)
For executing the program having SQL statements you need to have a plan bound to the database.
ex. BIND PLAN(PLANXYZ) PKLIST(XYZ.*)
RETAIN preserves EXECUTE privileges when you replace the plan so if the plan name is same always then you dont need to use RETAIN.
I just wanted to post what i learnt in this. When i created packages in a collection, say XYZ and included them in a Plan (BIND PLAN (plan-name) INCLUDE PKLIST (XYZ.*)...), the plan automatically got execute access for the package. The only thing we have to do after creating the package is GRANT BIND to users.
Also i learnt that using ACTION (REPLACE) doesn not expect a plan / package to be present. Instead, it will create a new one if it does not exist.