Re: Privileges by session

From: Yechiel Adar <adar666_at_inter.net.il>
Date: Tue, 12 Jan 2010 14:54:53 +0200
Message-id: <4B4C711D.3020103_at_inter.net.il>

I would take the following steps:
1) create a user that has read only access to all the tables. 2) Put in a login trigger that will fail all logon with the application user but with other programs like SQLPLUS or TOAD. 3) As has been written, add logging violations to the trigger and reporting the violations.
3) Add checking the source machine in the trigger.

That should take care of 95& of the problem

Adar Yechiel
Rechovot, Israel

Blanchard, William wrote:
>
> Greetings,
>
> I have convinced management to allow me to grant read-only access to
> the developers. The problem is that they know the application
> passwords and have been using those passwords to circumvent my
> controls. Is there a way via a trigger, role, etc to change
> individual sessions privileges so they have read only (select)
> permissions? The easiest way would be to change the permissions on
> the applications but that's not an option.
>
> Thank you,
>
> WGB
>
> -
>
> This email and any information, files, or materials transmitted with it
> are confidential and are solely for the use of the intended recipient.
> If you have received this email in error, please delete it and notify
> the sender.
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Jan 12 2010 - 06:54:53 CST

This message: [ Message body ]
Next message: Kellyn Pedersen: "Re: Partitions expanding above the HWM"
Previous message: Nuno Souto: "Re: Database comparisons"
In reply to: Blanchard, William: "Privileges by session"
Next in thread: Jared Still: "Re: Privileges by session"
Reply: Jared Still: "Re: Privileges by session"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message