RE: benefits of proxy user
Date: Wed, 30 Sep 2009 11:55:30 -0400
I think that some of us, and I'll include myself in this, have crossed ideas on what a proxy user is. Top that off with a Google search on the subject and you really have a foggy mess. Proxy users are listed in the Oracle documentation both in the database docs and the application docs.
In the database docs a proxy user is someone who has been granted the connect through privilege on the target account, meaning it's a Oracle like sudo process.
In the application docs it is used to explain how end users, each with their own user account and password though not at the database level, can get funneled into the database through a proxy.
In my mind I think of proxy in the first case as a real proxy, while the latter is only application level security and has nothing to do with proxies. Personally I like either the procedure approach that you use, or the role based grants that you suggest. Makes it easier to manage things.
Senior Oracle DBA/NA Team Lead
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Michael McMullen Sent: Wednesday, September 30, 2009 11:16 AM To: 'ORACLE-L'
Subject: benefits of proxy user
I've read over the documentation after following the recent threads of proxy users and I'm trying to figure out the benefits. How is it better than having the owner create packages which control the application and granting execute on these packages to a web_app user? The web_app user can only access the app through the package? This is our general approach, or if people don't like the package approach, then how about the standard least privilege to a role and the role is granted to a web_app user.
MikeReceived on Wed Sep 30 2009 - 10:55:30 CDT