Re: ODBC Bypassing Oracle's Security :-(

Brian:

ODBC cannot bypass Oracle's security. It's not entirely clear to me how you've set up privileges and schemas (example--with names changed to protect the innocent--would help). Are you logging in under the user name that OWNS the tables you're updating? That would seem likely. Are these read-only users assigned a role with an UPDATE ANY system privilege or UPDATE object privileges?

PRODUCT_USER_PROFILE is fine for SQL*Plus but won't help you with Access. Let me know if you'd like a way of controlling access to Access forms and reports. I'm working on a VERY simple scheme for doing so.

Don't lose faith... you don't need snapshots!

:)

-John C. Hopkins
Programmer/Analyst

Brian Graham wrote in message <350EA54B.594_at_qouest.net>...
>I've set up an Oracle account where I've granted select priviledges
>only on the desired tables. I've then set up synonyms to the tables.
>
> When I used ODBC32 and MsAccess '95, I find that I can update the
>owner's tables directly, and via the synonyms I created. Again, the key
>word is UPDATE. I wanted read-only access.
>
> I've already tried adding a entries into PRODUCT_USER_PROFILE
>disabling updates and ODBC but that didn't resolve the issue. We are
>using Oracle7 32 bit ODBC driver (production) 2.5.3.1.0B .
>
> Any suggestions? I don't intend to turn an inexperienced user loose
>under these conditions. The intent here is to have LINKS to the tables,
>so the user gets updated information. For now I guess I have to go with
>snapshots of the database..
>--
>Brian Graham (grahamb_at_qouest.net)
Received on Tue Mar 17 1998 - 00:00:00 CST