I am trying to write a pl/sql procedure that functions as a trojan horse program between user A and user B.

User B cannot access the employee table. Only user A can. The idea is to write a procedure that finds a way to bypass this to retrieve the data for user B. So, for example, when user A is granted access to this procedure from user B, if user A passes the employee table into the procedure parameter, this will copy the data into an alternate table or some other way, perhaps using a cursor or refcursor to fetch the data, so that user B can access it. The table name for user A is employees, which is listed below. I just have to transfer the employee_id, not all of them.

CREATE TABLE EMPLOYEES (

EMPLOYEE_ID NUMBER(7) NOT NULL,

FIRST_NAME VARCHAR2(10) NULL,

LAST_NAME VARCHAR2(10) NULL,

JOB_ID NUMBER(4) NULL,

MANAGER_ID NUMBER(4) NULL,

HIRE_DATE DATE NULL,

SALARY NUMBER NULL,

DEPARTMENT_ID NUMBER(2) NULL

);