Re: Privileges by session

From: Kellyn Pedersen <kjped1313_at_yahoo.com>
Date: Thu, 7 Jan 2010 13:15:33 -0800 (PST)
Message-ID: <875244.41340.qm_at_web32001.mail.mud.yahoo.com>

OK, maybe I'm just evil, but I've gone through this at the last company I was lead DBA at.� I was hired with the intention of having me lock down the environment, (they didn't break that to me until a couple weeks in, to be honest...:))� I actually started auditing the�databases with my own scripts, tracking the osuser/vs. logins and started to report them, along with the risks.� It's not fun and you aren't most people's favorite person, but most developers actually started to appreciate it by the end of my tenure there.
�

Not sure if it will work, but you may want to look into different authid options: http://www.adp-gmbh.ch/ora/plsql/authid.html
�

I have always used them with specific user logins, but you may be able to pull the rights right out from under them at the session level this way, too!
�

Good luck,

Kellyn Pedersen
Multi-Platform DBA
I-Behavior Inc.
http://www.linkedin.com/in/kellynpedersen
�

"Go away before I replace you with a very small and�efficient shell script..."

On Thu, 1/7/10, Blanchard, William <wblanchard_at_societyinsurance.com> wrote:

From: Blanchard, William <wblanchard_at_societyinsurance.com> Subject: Privileges by session
To: oracle-l_at_freelists.org
Date: Thursday, January 7, 2010, 1:21 PM

Greetings,
I have convinced management to allow me to grant read-only access to the developers.� The problem is that they know the application passwords and have been using those passwords to circumvent my controls.� Is there a way via a trigger, role, etc to change individual sessions privileges so they have read only (select) permissions?� The easiest way would be to change the permissions on the applications but that's not an option. Thank you,
WGB - This email and any information, files, or materials transmitted with it are confidential and are solely for the use of the intended recipient. If you have received this email in error, please delete it and notify the sender.

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Jan 07 2010 - 15:15:33 CST

This message: [ Message body ]
Next message: Janine Sisk: "Re: Replacement of US7ASCII character set in 11g?"
Previous message: Janine Sisk: "Replacement of US7ASCII character set in 11g?"
In reply to: Blanchard, William: "Privileges by session"
Next in thread: Blanchard, William: "RE: Privileges by session"
Reply: Blanchard, William: "RE: Privileges by session"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message