Re: encrypt passwords and hold on Oracle tables

Interesting. A bit different from the approach I'm designing. Are you going to be satisfied with having everyone logged on as 'GENERICUSER' from the oracle POV?

Going off slightly on a tangent, I've noticed that discussions of security designs a la Windoze clients seem to die off with a whimper on this list. Probably because it's full of DBA's, not developers.

For our system development, I'm planning on having each user have their own login. Roles will be designed with various levels for various subsystems (APCLERK 1-9, ISSUING 1-9, etc). Each role in a particular subsystem will be a superset of the ones below it, so someone might be, for instance, an ISSUING-3, AP-CLERK-1, and HR-5. These roles will be defaults, so this is what the user gets in terms of permissions when they log in.

I have a few complications that I'm still trying to work out. For instance, on our current system, managers can enter a password to allow users to perform restricted operations. To do this with oracle, I'm thinking of having a non-default password-protected role assigned to users, which would allow them to perform the restricted function. I just haven't figured out yet how to deactivate the role after the user has done the operation (possibly my ignorance showing).

At 04:26 AM 8/15/00 -0800, you wrote:
>Our development team want to control access to application functionality via
>'logical' users. That is, a list of users and the application functions they
>can use will be maintained in a database table. Actual connection to the
>database would always be via one user(maybe the schema owner, maybe some
>other single specified user).
>

---
Dennis Taylor
---
The opinions expressed herein are mine. Get your own opinions!