Hello Nitin,
I think it is not the right approach to implement such a logic in a procedure because of several reasons (for instance bad performance cause of imperative logic, ...). Separating the different logic parts into separate procedures which can be authorized by each own would be a better way. So please think about your approach if it is really the right one for you. Following some "technical details", but I do not recommend to implement it in that way.
In a procedure you can check on three different "user variables":
- current user (SELECT CURRENT_USER INTO lv_user FROM DUMMY;) -> would be set to _SYS_REPO in a definer mode procedure
- session user (SELECT SESSION_USER INTO lv_user FROM DUMMY;) -> set to session user (e.g. if your session is connected for user SYSTEM than you get SYSTEM as session user)
- application user (SELECT session_context('APPLICATIONUSER') into lv_user FROM DUMMY;) -> set to application user
Effective privileges (also application privileges) can be determined from system view EFFECTIVE_PRIVILEGES. The query always has to be restricted to a user_name, otherwise you get an error.
Regards,
Florian