Re: Security

In article <58tefc$lnn_at_newsgate.dircon.co.uk>, Gordon Cartwright <tabors_at_dircon.co.uk> writes
>One of our new systems will have the same users accessing the databases via two
>products: A bespoke application written in VB and an 'end-user' tool which is
>capable of table definition, updates etc.
>
>My problem is to destinguish the two access paths for security purposes.
>Updating via the VB app is fine, but totally unacceptable via other products.
>
>I could give the VB application a specific userid/password that the users don't
>know, but the development team also have to be prevented from prod update
>access. Again read-only is fine.
>
>Any suggestions?

The best thing to do here is to give each user two roles - a read-only role and a full access role. The read-only role shoudl be the default so that whenever the user goes into the database 'unofficially' they cannot update.

Add some startup code to your application which issues an 'alter session set role ...' command immediately after connecting to the database to enable the correct role.

-- 
Jim Smith