Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle security -- oracle id vs application tables
This is a multi-part message in MIME format.
--------------63CA952A889F3A1A24DAD35A Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit
Crispin Lee wrote:
> HI,
>
> Has anyone done some security control for custom made Oracle-based
> application?
>
> I believe there are different views on whether security control for
> application should be using Oracle ID or using application tables.
> Need to
> compair the pro and con of these two methods.
>
> We are currently designing a business application for the government
> and
> they say that security access should be handled by the Oracle RDBMS as
>
> it
> is proved and secured as compaired to using application tables. There
> will
> be 7000+ application users and I am against the ideas as I don't think
>
> creating 7000+ ORACLE ID is the way to go. And I need to get strong
> justification for adopting application tables approach. Can someone
> share
> with me their comments?
>
> Thanks
>
> Crispin
Dear Crispin,
If you want secure access you will want any user to have his own id
(his/her fingerprint!!!).
What you will need to do is make optimal use of the role-authorization
Oracle provides.
Define a set of system roles to grant to types of system users, i.e.
developer, data-entry staff, query-only and the like. Then create
application dependent roles, i.e. accounting data-entry (AP/AR),
accounting datawarehouse, accounting controller.
This combined set will make life easier.
Then you may develop some software, Oracle*Forms and PL/SQL, to make
life real easy! Enter, update, or change user-id specifics and fire the
odd database trigger, and granting or revoking will be a cinch.
F&C
Hermen W. Huiskamp
--------------63CA952A889F3A1A24DAD35A Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Huiskamp, Hermen W. Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Huiskamp, Hermen W. n: Huiskamp;Hermen W. org: ORDINA HDT (IT-Consultancy) adr: Goeverneurkade 41;;;Voorburg;;2274 KK;Nederland email;internet: ihwh_at_iname.com tel;work: 06/54245479 tel;fax: 070/3000719 tel;home: 070/3000715
--------------63CA952A889F3A1A24DAD35A-- Received on Sat Jul 12 1997 - 00:00:00 CDT