Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle security -- oracle id vs application tables

Re: Oracle security -- oracle id vs application tables

From: Hermen W. Huiskamp <ihwh_at_iname.com>
Date: 1997/07/12
Message-ID: <33C785E9.7BE3C329@iname.com>#1/1 







This is a multi-part message in MIME format.

--------------63CA952A889F3A1A24DAD35A
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit





Crispin Lee wrote:



> HI,

>

> Has anyone done some security control for custom made Oracle-based

> application?

>

> I believe there are different views on whether security control for

> application should be using Oracle ID or using application tables.

> Need to

> compair the pro and con of these two methods.

>

> We are currently designing a business application for the government

> and

> they say that security access should be handled by the Oracle RDBMS as

>

> it

> is proved and secured as compaired to using application tables. There

> will

> be 7000+ application users and I am against the ideas as I don't think

>

> creating 7000+ ORACLE ID is the way to go. And I need to get strong

> justification for adopting application tables approach.  Can someone

> share

> with me their comments?

>

> Thanks

>

> Crispin




 Dear Crispin,



If you want secure access you will want any user to have his own id
(his/her fingerprint!!!).


What you will need to do is make optimal use of the role-authorization
Oracle provides.


Define a set of system roles to grant to types of system users, i.e.
developer, data-entry staff, query-only and the like. Then create
application dependent roles, i.e. accounting data-entry (AP/AR),
accounting datawarehouse, accounting controller.
This combined set will make life easier.
Then you may develop some software, Oracle*Forms and PL/SQL, to make
life real easy! Enter, update, or change user-id specifics and fire the
odd database trigger, and granting or revoking will be a cinch.



F&C



Hermen W. Huiskamp


--------------63CA952A889F3A1A24DAD35A
Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Huiskamp, Hermen W.
Content-Disposition: attachment; filename="vcard.vcf"

begin:          vcard
fn:             Huiskamp, Hermen W.
n:              Huiskamp;Hermen W.
org:            ORDINA HDT (IT-Consultancy)
adr:            Goeverneurkade 41;;;Voorburg;;2274 KK;Nederland
email;internet: ihwh_at_iname.com
tel;work:       06/54245479
tel;fax:        070/3000719
tel;home:       070/3000715




x-mozilla-cpt:  ;0


x-mozilla-html: FALSE


end:            vcard




--------------63CA952A889F3A1A24DAD35A--

Received on Sat Jul 12 1997 - 00:00:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US