Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Security for sqlplus--
In article <01bbf7eb$cf637e80$b16893cf_at_default> vardhineni_at_worldnet.att.net writes:
>You can use PRODUCT_USER_PROFILE table to disable SQL and SQL*PLUS
>commands for a particular product (i.e SQL*PLUS, FORMS). Through this you
>can disable SELECT, INSERT, UPDATE etc for individual users (or for all
>users ) when they connected to your database using SQL*PLUS.
>To disable SELECT for the user SCOTT you insert following values in the
>PRODUCT USER PROFILE table. Query your data dictionary for
>PRODUCT_USER_PROFILE table. It will be there
>INSERT INTO PRODUCT_USER_PROFILE (product, userid, attribute, char_value)
>values ('SQL*Plus', 'SCOTT', 'SELECT', 'DISABLED');
>Using PRODUCT_USER_PROFILE ,You can disable commands for SQL*Plus. But, if
>user's access the database using ODBC, PRODUCT_USER_PROFILE will not
>disable these commands for the user.
OK is it possible to do the following?
INSERT INTO PRODUCT_USER_PROFILE (product, userid, attribute, char_value)
values ('SQL*Net', *, 'INSERT', 'DISABLED', 'SQL*Net', *, 'UPDATE', 'DISABLED', 'SQL*Net', *, 'DELETE', 'DISABLED' );
My users want to use MSWindows based client-server report writers. This probably means ODBC which in turn means that somebody could use a ODBC enabled application to potentially screw-up the data.
Philip
---=====================================================================---Philip Chee: Tasek Cement Berhad, P.O.Box 254, 30908 Ipoh, MALAYSIA e-mail: philip_at_aleytys.pc.my Voice:+60-5-545-1011 Fax:+60-5-547-3932 Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
--- þ 9836.11 þ When choosing between two evils, select the newer one.Received on Wed Jan 01 1997 - 00:00:00 CST