Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: How to stop access to prod instance ...

RE: How to stop access to prod instance ...

From: Boivin, Patrice J <BoivinP_at_mar.dfo-mpo.gc.ca>
Date: Fri, 04 Jan 2002 08:17:16 -0800
Message-ID: <F001.003E6FF5.20020104075022@fatcity.com>

Connect grants other privs. Create this, create that. Alter session.

Regards,
Patrice Boivin
Systems Analyst (Oracle Certified DBA)

Systems Admin & Operations | Admin. et Exploit. des systèmes
Technology Services        | Services technologiques
Informatics Branch         | Direction de l'informatique 
Maritimes Region, DFO      | Région des Maritimes, MPO

E-Mail: boivinp_at_mar.dfo-mpo.gc.ca

 -----Original Message-----
Sent: Friday, January 04, 2002 11:05 AM

To:     Multiple recipients of list ORACLE-L
Subject:        RE: How to stop access to prod instance ...

One way to do it (kinda) is to ensure that all access to objects is via roles. Don't use public. Make sure the only privilege granted is connect or create session (don't remember which one grants other privs with it off the top of my head). Assign that role to the users but do not make it 'active'. Also, put a password on the role. Within the forms code you set the role on. (or you could use Oracle's FGAC)

So that still allows access to Oracle via other products but they won't be able to do anything. You can use the Oracle profile to stop things that are Oracle from connecting though. Which would be the easiest way to stop things like SQL*Plus but there is nothing for things like TOAD to the best of my knowledge.

-----Original Message-----
Rajendra
Sent: Friday, January 04, 2002 6:35 AM
To: Multiple recipients of list ORACLE-L

How does one stop access to prod instance by any product other than supplied homegrown Forms application?

I mean no sqlplus, toad, tora and similar tools and their renamed derivatives?? All this needs to be done for all users incl developers except DBAs.

Thanks in advance
Raj



Rajendra Jamadagni MIS, ESPN Inc. Rajendra dot Jamadagni at ESPN dot com
Any opinion expressed here is personal and doesn't reflect that of ESPN Inc.

QOTD: Any clod can have facts, but having an opinion is an art!

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Kimberly Smith
  INET: ksmith2_at_myfirstlink.net

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L

(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Boivin, Patrice J INET: BoivinP_at_mar.dfo-mpo.gc.ca Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Fri Jan 04 2002 - 10:17:16 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US