To call an invoker-rights routine straightforwardly, the users should have the EXECUTE privilege on that routine. By yielding the privilege, you permit a user to
(i) Call the routine straightly
(ii) Compile the functions and procedures which call the routine
Assume that the user till grants the EXECUTE privilege on invoker-rights routine fft to the user app, as shown below:
GRANT EXECUTE ON util.fft TO app;
Now, the user app can compile the functions & procedures which call the routine fft. At run time, no privilege checks on the calls are completed. So, as figure shows, the user need not grant the EXECUTE privilege to every user who may call the fft indirectly.
Figure: Indirect Calls to an Invoker-Rights Routine
Note that that routine till fft is called directly only from the definer-rights routine app.entry. Therefore, the user till should grant the EXECUTE privilege only to the user app. When util.fft is executed, its invoker may be scott, app, or blake.