Re: How would you handle this USER scenerio???

NNOOR wrote:
>
> I have two choices:
> A. Give every user a userid on the Oracle itself. Assign every one a
> common role which gives them access to the application schema's objects.
> My application will then maintain a list of authorized users in a table
> along with the details it needs to know.
>
> B. Create one "behind the scenes" id on the oracle which applicatoin
> uses to connect to Oracle. Then validate the user typed id and password
> against the list maintained by the application in a table. Using this
> approach, every application user does not become a user on ORACLE itself.

I would choose something between both of these scenario. Let's call it scenario C. Joseph pointed out a few good points, user resource management and auditing. "ObjectPal" (please at least put your name at the end of a post) pointed another good one, security from "Super Users".

If you need to support BOTH, why not create accounts for all your users (to help resource management and auditing) and create a password protected role to access your application's data. This role can easily be enabled by the application. So, you have all the user account that can't see a thing if they don't SET the appropriate ROLE.

That's the way I would do it if I needed it.

Thanks,

-- 
Stephane Lajeunesse.
Oracle DBA

Please remove nospam. from my e-mail address to reach me.