Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: How would you handle this USER scenario???

From: Joseph D. Sumalbag <joseph_sumalbag_at_bose.com>
Date: 1997/10/22
Message-ID: <344E5F84.3EFB@bose.com>#1/1

NNOOR wrote:
>
> I am writing a C/S app using Delphi 3 c/s and Oracle 7.3 on win NT.
> There will eventually be hundreds of users everyone looking at just
> their "own" records. I am faced with a dilemma here when it comes to
> set up these users on the Oracle and my application.
>
> I have two choices:
> A. Give every user a userid on the Oracle itself. Assign every one a
> common role which gives them access to the application schema's objects.
> My application will then maintain a list of authorized users in a table
> along with the details it needs to know.
>
> B. Create one "behind the scenes" id on the oracle which application
> uses to connect to Oracle. Then validate the user typed id and password
> against the list maintained by the application in a table. Using this
> approach, every application user does not become a user on ORACLE itself.
>
> Would you help me pick one of these two scenarios?
>
> Thanks a lot!!!
>
> Regards,
> Nasir (nnoor_at_cris.com)

Hi Nasir,

I had the same predicament when I was on my recent project in Minnesota for a Hawaiian database, working as their DBA. You guessed it, it's also a Delphi / Oracle combination.

One thing that you should consider is that when you decide to use one ORACLE account for all your users and let the application manage the user accounts and security, then you turn your back on all the advanced Oracle features on the account management and security aspect.

Security is one thing, your application would be able to handle that (or can it?????? You have to do a lot of coding to approximate the features that are default to the RDBMS),

Consider the following scenarios,

   1.) How would you go about auditing each user in case there are suspicious activities on the database?

       (You have to code it maybe .... But how well can you keep track of which one to audit? Why not use the Oracle default and investigate each account in Oracle)

   2.) If you restrict the connect time of a particular user, his CPU use, his profile. Once you edit the profile everyone will get affected. So you can't do it,

       (try coding it again maybe)

   3.) You want to investigate or view how the user sends the transactions, or who's locking what?, who is using which table, who is sending the SQL calls ......

       (try coding it again maybe ...)

It's really hard to keep track when everybody has the same name.

I can go on and on .... but I guess you get the picture ....

One thing I can say .... If you try to control the accounts using the application instead of the RDBMS .... then you turn your back on some good features that Oracle has to offer.

Maybe your developers will say they can do all those ... And I don't doubt they can, but consider the time, the bulk of code to duplicate things that were already done and are already industry tested.

I hope this helps you make your decision.

Joseph
Unix/NT Oracle DBA

The opinions expressed above are my own and don't reflect the opinions of my client companies, nor my employer ...

Received on Wed Oct 22 1997 - 00:00:00 CDT
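Added example, not part of the original post: a sketch of option A in Oracle SQL showing the three capabilities the reply lists (per-account auditing, per-account profile limits, per-account session and lock visibility). All object, role, profile and user names are hypothetical, and the init.ora settings named in the comments are assumed to be in place.

```sql
-- Hypothetical names: app_owner.orders, app_user_role, clerk_profile, jsmith.
-- Assumed init.ora settings: RESOURCE_LIMIT = TRUE (enforce profile limits)
-- and AUDIT_TRAIL = DB (write audit records to the database).

-- Option A: one common role carries access to the application schema.
CREATE ROLE app_user_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders TO app_user_role;

-- Point 2: limits live in a profile, and only accounts assigned to that
-- profile are affected. With one shared account, one profile hits everyone.
CREATE PROFILE clerk_profile LIMIT
  CONNECT_TIME      480     -- minutes per session
  IDLE_TIME         30      -- minutes
  CPU_PER_SESSION   60000   -- hundredths of a second
  SESSIONS_PER_USER 2;

-- One database account per person; the password is a placeholder.
CREATE USER jsmith IDENTIFIED BY change_me_placeholder PROFILE clerk_profile;
GRANT CREATE SESSION TO jsmith;
GRANT app_user_role TO jsmith;

-- Point 1: audit logons for one account and DML on the application table.
AUDIT SESSION BY jsmith;
AUDIT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders BY ACCESS;

-- Review what a single account did. Under a shared account every row
-- would carry the same USERNAME and could not be told apart.
SELECT username, terminal, action_name, obj_name, timestamp
  FROM dba_audit_trail
 WHERE username = 'JSMITH'
 ORDER BY timestamp;

-- Point 3: who is connected and who holds or waits for which lock.
SELECT s.username, s.sid, s.serial#, s.program,
       l.type, l.lmode, l.request
  FROM v$session s, v$lock l
 WHERE s.sid = l.sid
   AND s.username IS NOT NULL
 ORDER BY s.username;
```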
