QUOTE (smento @ Mar 15 2010, 05:30 PM)
I found the answer.
If you create a package with "AUTHID CURRENT_USER" specification, the permissions (even those granted via a role) of the user calling the package are used.
As long as the user has permission to execute the package, the specific user's permissions are used by the package (not the permissions of the schema that owns the package.)
thanks for the help!
that is not an answer, that is dangerous