Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: encrypt passwords and hold on Oracle tables

Re: encrypt passwords and hold on Oracle tables

From: Dennis Taylor <>
Date: Tue, 15 Aug 2000 08:11:02 -0700
Message-Id: <>

Interesting. A bit different from the approach I'm designing. Are you going to be satisfied with having everyone logged on as 'GENERICUSER' from the oracle POV?

Going off slightly on a tangent, I've noticed that discussions of security designs a la Windoze clients seem to die off with a whimper on this list. Probably because it's full of DBA's, not developers.

For our system development, I'm planning on having each user have their own login. Roles will be designed with various levels for various subsystems (APCLERK 1-9, ISSUING 1-9, etc). Each role in a particular subsystem will be a superset of the ones below it, so someone might be, for instance, an ISSUING-3, AP-CLERK-1, and HR-5. These roles will be defaults, so this is what the user gets in terms of permissions when they log in.

I have a few complications that I'm still trying to work out. For instance, on our current system, managers can enter a password to allow users to perform restricted operations. To do this with oracle, I'm thinking of having a non-default password-protected role assigned to users, which would allow them to perform the restricted function. I just haven't figured out yet how to deactivate the role after the user has done the operation (possibly my ignorance showing).

At 04:26 AM 8/15/00 -0800, you wrote:
>Our development team want to control access to application functionality via
>'logical' users. That is, a list of users and the application functions they
>can use will be maintained in a database table. Actual connection to the
>database would always be via one user(maybe the schema owner, maybe some
>other single specified user).

Dennis Taylor
The opinions expressed herein are mine. Get your own opinions!
Received on Tue Aug 15 2000 - 10:11:02 CDT

Original text of this message