I need to deploy a DB and it's procs and functions. The application accesses the DB only through procedures. There is no DML issued directly to the DB.

So here is what i've done:

I've create a role and granted execute on all procs and functs to that role.
By doing this, I was limiting the entry point to the DB through those procs.

I was surprise to see that through that role I could see the internal code of my procs, so I used the 'WITH ENCRYPTION' option in my code.

Using QA, I was able to see the table names and the list of DB and ....

Question 1: how do I setup this group so users of that groups are only allowed to execute procs and NOTHING else ?

Question 2: It's easy to put 'WITH ENCRYPTION' so users cannot see the procs code, but in my installation scripts, it's clearly visible. How do you solve that ?

Thanks!