Re: Using Roles for Security?
drpaner_at_intrex.net wrote:
> In article <6sk9vb$44d$1_at_tholian.cse.psu.edu>,
> groenvel_at_cse.psu.edu (John D Groenveld) wrote:
> > Why grant and revoke the role from the user? Why not just grant the role
> > and SET ROLE foobar in the app?
> > John
> > groenveld_at_acm.org
> >
>
> John,
> Good call! I was wondering why it did not appear that you could enable a role
> in the same session. I just didn't find the SET ROLE command in the
> docs-digging I did earlier. So now, the role is always granted to the user in
> question, however is disabled using SET ROLE ALL EXCEPT <ROLE_IN_QUESTION>.
>
> When the user logs in, an embedded SQL statement executes the statement SET
> ROLE <ROLE_IN_QUESTION>. The role is enabled. When the user logs out, the
> embedded SQL statement executes SET ROLE ALL EXCEPT <ROLE_IN_QUESTION>, which
> disables the role and disallows database access.
>
> That's just a bit nicer than how I was approaching it!
>
> Thank you for your help...
> Daniel
>
With this solution, nothing prevents the user from doing it without the application! If
this portion of the database is sensitive, you must protect it by using a password for
the role and then activating it by
SET ROLE ... IDENTIFIED BY password
Received on Mon Sep 07 1998 - 09:54:05 CDT
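
The setup discussed in this thread, as an added example that is not part of the original posts: a role with no password beside the password-protected form suggested in the last reply. The names `app_user`, `sensitive_role`, `app_owner.payroll` and the password are hypothetical placeholders.

```sql
-- Added example, not code from the thread. All object names and the
-- password below are hypothetical placeholders.

-- Weak variant (shown as comments): a role with no password.
--   CREATE ROLE sensitive_role;
--   GRANT sensitive_role TO app_user;
-- Any session logged in as app_user, from any client, can enable it:
--   SET ROLE sensitive_role;

-- Hardened variant: the role can only be enabled with its password.
CREATE ROLE sensitive_role IDENTIFIED BY "Placeholder_Pw_1";

-- Privileges on the sensitive objects go to the role only,
-- never directly to the user.
GRANT SELECT, UPDATE ON app_owner.payroll TO sensitive_role;

-- The user needs CREATE SESSION directly, because no role is
-- enabled at logon once the default role list is empty.
GRANT CREATE SESSION TO app_user;
GRANT sensitive_role TO app_user;
ALTER USER app_user DEFAULT ROLE NONE;

-- Issued by the application after it connects as app_user.
-- Without the IDENTIFIED BY clause this statement fails.
SET ROLE sensitive_role IDENTIFIED BY "Placeholder_Pw_1";

-- Check from inside the session: which roles are enabled right now?
SELECT role FROM session_roles;

-- DBA-side review: the role must require a password and must not be
-- a default role for any grantee.
SELECT role, password_required
  FROM dba_roles
 WHERE role = 'SENSITIVE_ROLE';

SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE granted_role = 'SENSITIVE_ROLE';
```

The protection holds only as long as the role password is not available to the end user, so it should not be stored where the user can read it on the client.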