Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: DB Access restriction

RE: DB Access restriction

From: Dara Vaughn <>
Date: Mon, 11 Dec 2000 18:38:55 -0600
Message-Id: <>


I don't know if there is another way to do this, but the way I've handled it in the past is to create a password protected role that has the privileges needed for your application. Assign this role to each of your users, but NOT as a DEFAULT role. Create your users and give them only CREATE SESSION privilege. Then, the first thing you do when they log on through the application (be it D2K or Pro*C), is to enable the password protected role. Of course, your application must know the password. But, if anyone tries to use their oracle user id with a 3rd party tool, they will be able to connect, but not do anything else. You must make sure your database is locked down of course... e.g. DON'T grant stuff to PUBLIC!! (not that I've ever seen that... ;-)

There MAY be some way to handle it with profiles, but I'm not sure about that. You'd have to read up on the documentation.

HTH, Dara Vaughn
Oracle DBA
Quality Software Engineering

-----Original Message-----

From: []On Behalf Of Ganapathi Kesavelu
Sent: Monday, December 11, 2000 1:48 PM
To: Multiple recipients of list ORACLE-L Subject: DB Access restriction

  ORACLE 7.3.4 (will be upgraded to 817) OPS   The frontend is D2K.
  There are some interfaces written in PRO*C.  The apps also uses DBMS_JOB

  I want to allow access to db for people who come thru forms and PRO*C only. Basically I want to restrict access to anybody trying to come by any third party apps, ODBC etc

 TIA Regd's

Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.

Please see the official ORACLE-L FAQ:

Author: Ganapathi Kesavelu
Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists

To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Mon Dec 11 2000 - 18:38:55 CST

Original text of this message