Re: A Users Security problem...

You don't need two different user accounts for each user, just one. Grant that account both BASIC_USER and SOFTWARE_USER roles, but make sure that the SOFTWARE_USER role requires a password.

Then, in your application's startup process, issue an "ENABLE ROLE SOFTWARE_USER..." command to enable that role. Once this is done they will have all the privilieges of the SOFTWARE_USER role, but they still only have one schema so any objects they create can be accessed even when the SOFTWARE_USER role is turned off.

Luca Minudel wrote:
>
> Hi all,
> I'm setting users security in a Oracle Db, here comes my problems.
> I've put all Tables in a Db schema "MAIN" and I've defined two Roles :
> - "SOFWARE_USER" with Select/Update/Insert/Delete priviliges
> for each table in "MAIN" schema.
> This role can only create/drop in default user tablespace.
> - "BASIC_USER" with only Select privilege for each table in "MAIN".
>
> Each user will have 2 account, one with "SOFWARE_USER" role and one with "BASIC_USER".
> The first account with "SOFWARE_USER" role will be used only by an application I wrote (the password is hardcoded in the application).
> The second user account will be used by user from Oracle SQL-WorkSheet or similar.
>
> My application create temporary tables in the first user account/schema (the user account my application connects to).
> I need an EASY way to let users (connected with their second account from SQL-WorkSheet or similar) to select from these temporary tables.
>
> I don't want to rewrite my application for granting privileges and creating synonyms for temporary tables to the second account.
>
> Any idea?
>
> ___________________________________________________
> Luca Minudel software designer
> Italy Conegliano (TV)
> voice & fax +39 (0)438 412280
> e-mail luca.minudel_at_nline.it
> WWW (italian language used)
> http://www.geocities.com/SiliconValley/Vista/4041
  Received on Wed Apr 01 1998 - 00:00:00 CST