Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: impersonating another user???

RE: impersonating another user???

From: DENNIS WILLIAMS <DWILLIAMS_at_LIFETOUCH.COM>
Date: Mon, 04 Aug 2003 13:39:29 -0800
Message-ID: <F001.005C8DC2.20030804133929@fatcity.com>


Rick - I'm sorry if I didn't add much to your question. Often times these types of situations have two parts, the technical issue of how to accomplish something and the people issue of whether this is a good idea to begin with. As a DBA, you often must consider both parts of the situation. I have been approached with situations like you describe, and I have tended to refuse on the basis of the potential for misunderstandings later. In my own clumsy way, I was trying to offer some advice on the people side based on my experience. In your situation, if you have considered the people side and have decided to proceed, then I hope it works out well for you, and maybe someone can provide you with advice on how to technically accomplish what you need to do.

Dennis Williams
DBA, 80%OCP, 100% DBA
Lifetouch, Inc.
dwilliams_at_lifetouch.com

-----Original Message-----
Sent: Monday, August 04, 2003 8:24 AM
To: Multiple recipients of list ORACLE-L

Dennis,

Thanks for replying but I think you either read/responded to the wrong question or jumped to the wrong conclusion. Perhaps the subject line was the reason. Tom Kyte has an entire section on n-tier authentication as well as Oracle. However I cannot put all the pieces together as no good examples are presented on entire usage. I was hoping someone has some experience in this. This has NOTHING to do with divulging/changing passwords. Sorry no bad odor on this one<g>.

Thanks
Rick  

                      DENNIS WILLIAMS

                      <DWILLIAMS_at_LIFETO        To:       Multiple recipients
of list ORACLE-L <ORACLE-L_at_fatcity.com>               
                      UCH.COM>                 cc:

                      Sent by:                 Subject:  RE: impersonating
another user???                                         
                      ml-errors_at_fatcity

                      .com

 

 

                      08/01/2003 05:39

                      PM

                      Please respond to

                      ORACLE-L

 

 





Rick

   Since nobody has responded to your question, I'll answer: No, haven't tried that. Most of us work hard to keep a user from impersonating another user. ;-)
Seriously, this whole system might get you fired someday. I can just see you
trying to explain how this is a legitimate request several years ago, but you can't find the authorizing memo. At most sites, the answer is that if the manager wants the subordinate to act as them, he/she provides the password and changes the password upon return. Yep, this one has a bad odor.

Dennis Williams
DBA, 80%OCP, 100% DBA
Lifetouch, Inc.
dwilliams_at_lifetouch.com

-----Original Message-----
Sent: Friday, August 01, 2003 11:24 AM
To: Multiple recipients of list ORACLE-L

Hi DBAs,

Oracle 8.1.7.4

I want to be able to have users log into the database with an OS integrated account and set up only certain users that log in to act on the behalf of another integrated user account. (i.e. A manager is given access to a database where he may delegate his authority to an administrative assistant who logs into the database and when the assistant connects, the database automatically impersonates the assistants account to appear as the managers account. Giving them the same database permission's as the manager. Also I would want to be able to look at the "USER" keyword to determine who is really logged in, and who they are impersonating if anyone. I hope this makes sense.

I have read some on n-tier authentication using the following but really do not understand how it works.

ALTER USER app_user1 GRANT CONNECT THROUGH sh WITH ROLE warehouse_user;

Has anyone done this? If so any help is appreciated.

Thanks
Rick

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author:
  INET: Rick_Cale_at_teamhealth.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L

(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: DENNIS WILLIAMS INET: DWILLIAMS_at_LIFETOUCH.COM Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: Rick_Cale_at_teamhealth.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: DENNIS WILLIAMS INET: DWILLIAMS_at_LIFETOUCH.COM Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Mon Aug 04 2003 - 16:39:29 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US