Re: restricting users

I'm not a expert but if you don't grant create session, doesn't this keep them out of sqlplus?

In article <38037947.7BA7_at_wxs.nl>, cor_larem_at_wxs.nl wrote:

> Hi,
>
> I'm trying to find a way to restrict users in how they can connect to
> the ORACLE database. I want them to be able to connect from applications
> only, using Forms and Reports. For security reasons, I do not want them
> to be able to connect through any other tool, especially SQL+ of course.
>
> It needs to be done on DB-level, using a trigger or something.
>
> Seems quite hard: I don't want to create a job that fires every 5
> seconds to check if there is a record in V$SESSION that has a USER
> connected with a PROGRAM that I do not allow, and than disconnects that
> session by the ALTER SYSTEM DISCONNECT SESSION (id).
> For performance-reasons, that seems a bad plan.
>
> Other ideas so far that didn't work out: AUDIT CONNECT BY (all users),
> and build a PRE-INSERT trigger on SYS.AUD$. Don't work since you can't
> put triggers on SYS"s objects. Also: AUDIT INSERT ON V$SESSION and then
> check for the right program don't work since SYS-actions can't by
> audited. Also: messing with the login-scripts for SQL+ (adding "EXIT")
> for the users won't do because users can edit those files.
>
> Well... somebody, anybody knows how to fix this?
>
> I'd be very, very thankfull for every hint.
>
> Greetings from a rainy Netherlands,
> Cor.

TIA Received on Thu Oct 14 1999 - 11:38:07 CDT