From lhahn_60@yahoo.com Tue, 21 Aug 2001 11:21:28 -0700 From: Larry Hahn Date: Tue, 21 Aug 2001 11:21:28 -0700 Subject: User access within/outside an app Message-ID: MIME-Version: 1.0 Content-Type: text/plain List, We have purchased a system where users login through an ODBC connection using a generic Oracle userid. This userid has full rights to do insert, update, delete, select on any table in the schema. The app asks for another username and password which checks the application security table, which limits what areas of the apps they can access. Although this may work fine for the app, the users also have the ability to use Access and other ODBC compliant programs to look at the data. When doing so, they use the same ODBC DSN and, what do you know, they have capabilities beyond their wildest imagination. This is obviously not a situation I want to implement. I am looking for a way to allow a user into the app to do their normal work, but only allow read access for anything outside the app. Any suggestions or ideas would be more than welcome. Thanks, Larry Hahn Journal Sentinel, Inc. ===== Larry Hahn DBA Journal Sentinel,Inc __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Larry Hahn INET: lhahn_60@yahoo.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).