Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: security without using different usernames

Re: security without using different usernames

From: Ryan <rgaffuri_at_cox.net>
Date: Tue, 15 Jul 2003 18:11:19 -0400
Message-Id: <25929.337898@fatcity.com> 





This is a multi-part message in MIME format.



------=_NextPart_000_10B4_01C34AFC.7D829630
Content-Type: text/plain;


        charset="iso-8859-1"


Content-Transfer-Encoding: quoted-printable



RE: upgrade to AIX 5management has handled it. namely my manager and the =
answer is no. Partitioning cant be done. we are ingesting data to this =
application via transportable tablespaces. So each schema has to be =
self-contained.=20





  Ryan,



      What would be much better is to create the single schema and =
partition the tables so that each customer's data lands into it's own =
partition.  As for this other group, make some friends.  It's a lot =
easier to get your problems and concerns addressed if the people your =
talking to are on a friendly basis with you.  You can also bring up the =
problems of scaling to your management in terms of dollars needed for =
additional servers, memory, hard disk, and software.  For some reason =
that is something pointy headed managers seem to understand, especially =
when you start talking about Oracle licenses at $40K per CPU.



  Dick Goulet


  Senior Oracle DBA


  Oracle Certified 8i DBA=20



  -----Original Message-----


  From: Ryan [mailto:rgaffuri_at_cox.net]


  Sent: Tuesday, July 15, 2003 6:29 PM


  To: Multiple recipients of list ORACLE-L
  Subject: security without using different usernames




  I know this is terrible design, but the GUI was created by a software =
engineering group that is seperate from the database group. Its not =
scalable. So Im trying to come up with a more scalable method. I have no =
power to change their gui. It rides on the database. I have to live with =
it. This is not a high enough transaction database to warrant seperate =
instances.=20



  We have a variety of customers. Each of them has their own versions of =
data. However, the schema is exactly the same. These tables can get =
huge, so we dont want to throw them all into the same schema.



  Right now, due to the fact that the GUI has a series of logins that =
are the same across clients, each client has its own instance. This isnt =
very scalable as we get more business. We have to create another =
instance and ingest data to it.=20



  Id like to find a way to get all the clients in the same instance with =
just different schemas and tablespaces. One thing I may have control =
over would be to slightly rename the executable. If you check v$session, =
in a client-server application the name of the product connecting to the =
database is recording. I can handle security based off of that.=20



  My question is what would be the best way? Cant do synonyms for this =
since its the same login. I think I saw somewhere that there is a =
session based 'set' command where you can say use this schema. I think =
it was on asktom and in reference to a question about public synonyms. I =
cant find it. Anyone know it?=20



  Also is it viable to base a context off of what is in v$sesion with a =
logon trigger? How would I 'redirect' all queries to a specific schema?



  To stress, I cant change the application. Different group with =
different skillsets. Any suggestions?=20



------=_NextPart_000_10B4_01C34AFC.7D829630
Content-Type: text/html;


        charset="iso-8859-1"


Content-Transfer-Encoding: quoted-printable


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>RE: upgrade to AIX 5</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =


charset=3Diso-8859-1">

<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>management has handled it. namely my =


manager and=20


the answer&nbsp;is no. Partitioning cant be done. we are ingesting data =
to this=20


application via transportable tablespaces. So each schema has to be=20
self-contained. </FONT></DIV>


<BLOCKQUOTE dir=3Dltr=20


style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">


  <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>

  <DIV=20



  style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20


  <A title=3DDGoulet_at_vicr.com href=3D"mailto:DGoulet_at_vicr.com">Goulet, =

Dick</A>=20


  </DIV>

  <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =

title=3DORACLE-L_at_fatcity.com=20


  href=3D"mailto:ORACLE-L_at_fatcity.com">Multiple recipients of list =
ORACLE-L</A>=20


  </DIV>

  <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Tuesday, July 15, 2003 =

6:59=20


PM</DIV>


  <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> RE: security without =

using=20


  different usernames</DIV>


  <DIV><BR></DIV>

  <DIV><SPAN class=3D887315421-15072003><FONT face=3DArial =

color=3D#0000ff=20


  size=3D2>Ryan,</FONT></SPAN></DIV>


  <DIV><SPAN class=3D887315421-15072003><FONT face=3DArial =

color=3D#0000ff=20


  size=3D2></FONT></SPAN>&nbsp;</DIV>


  <DIV><SPAN class=3D887315421-15072003>&nbsp;&nbsp;&nbsp; <FONT =

face=3DArial=20


  color=3D#0000ff size=3D2>What would be much better is to create the =
single schema=20


  and partition the tables so that each customer's data lands into it's =
own=20


  partition.&nbsp; As for this other group, make some friends.&nbsp; =
It's a lot=20


  easier to get your problems and concerns addressed if the people your =
talking=20


  to are on a friendly basis with you.&nbsp; You can also bring up the =
problems=20


  of scaling to your management in terms of dollars needed for =
additional=20


  servers, memory, hard disk, and software.&nbsp; For some reason that =
is=20


  something pointy headed managers seem to understand, especially when =
you start=20


  talking about Oracle licenses at $40K per CPU.</FONT></SPAN></DIV>


  <DIV>&nbsp;</DIV>

  <P><FONT size=3D2>Dick Goulet<BR>Senior Oracle DBA<BR>Oracle Certified =

8i DBA=20


  </FONT></P>

  <DIV class=3DOutlookMessageHeader dir=3Dltr align=3Dleft><FONT =

face=3DTahoma=20


  size=3D2>-----Original Message-----<BR><B>From:</B> Ryan=20
  [mailto:rgaffuri_at_cox.net]<BR><B>Sent:</B> Tuesday, July 15, 2003 6:29=20
  PM<BR><B>To:</B> Multiple recipients of list =
ORACLE-L<BR><B>Subject:</B>=20


  security without using different usernames<BR><BR></FONT></DIV>


  <DIV><FONT face=3DArial size=3D2>I know this is terrible design, but =

the GUI was=20


  created by a software engineering group that is seperate from the =
database=20


  group. Its not scalable. So Im trying to come up with a more scalable =
method.=20


  I have no power to change their gui. It rides on the database. I have =
to live=20


  with it. This is not a high enough transaction database to warrant =
seperate=20


  instances. </FONT></DIV>


  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>

  <DIV><FONT face=3DArial size=3D2>We have a variety of customers. Each =

of them has=20


  their own versions of data. However, the schema is exactly the same. =
These=20


  tables can get huge, so we dont want to throw them all into the same=20
  schema.</FONT></DIV>


  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>

  <DIV><FONT face=3DArial size=3D2>Right now, due to the fact that the =

GUI has a=20


  series of logins that are the same across clients, each client has its =
own=20


  instance. This isnt very scalable as we get more business. We have to =
create=20


  another instance and ingest data to it. </FONT></DIV>


  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>

  <DIV><FONT face=3DArial size=3D2>Id like to find a way to get all the =

clients in=20


  the same instance with just different schemas and tablespaces. One =
thing I may=20


  have control over would be to slightly rename the executable. If you =
check=20


  v$session, in a client-server application the name of the product =
connecting=20


  to the database is recording. I can handle security based off of that. =



  </FONT></DIV>

  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>

  <DIV><FONT face=3DArial size=3D2>My question is what would be the best =

way? Cant=20


  do synonyms for this since its the same login. I think I saw somewhere =
that=20


  there is a session based 'set' command where you can say use this =
schema. I=20


  think it was on asktom and in reference to a question about public =
synonyms. I=20


  cant find it. Anyone know it? </FONT></DIV>


  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>

  <DIV><FONT face=3DArial size=3D2>Also is it viable to base a context =

off of what=20


  is in v$sesion with a logon trigger? How would I 'redirect' all =
queries to a=20


  specific schema?</FONT></DIV>


  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>

  <DIV><FONT face=3DArial size=3D2>To stress, I cant change the =

Received on Tue Jul 15 2003 - 17:11:19 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US