Re: Preventing SQLPLUS access?

Jurij Modic wrote:
>
> > On Fri, 6 Jun 1997 18:23:56 GMT, skubiszewski_at_Eisner.DECUS.Org wrote:
> >
> > >We have a large user base using a custom-written client-server
 application
> > >with Oracle as the database. Our developers are worried that crafty
 users
> > >will discover that they can use their application signon to come in
 via
> > >SQLPLUS. We don't want anyone manipulating the database from outside
 

> > >the custom application.
> > >
> > >Is there an easy way to prevent this from happening?
>

    The best way I have found is to use the "Product User Profile" feature of ORACLE. The only reference I have here at home is in the "Oracle DBA Handbook" by Kevin Loney (Pages 298-299 and 400). I think the Oracle Doc set ref is in the Installation Guide or the Administrators User Guide, I'm not sure.

    Basically what the "Product User Profile" feature allows is for the DBA to specify what what use/access the users have to what "ORACLE" products.

    The script used to build the tables and/or views involved is PUPBLD.SQL (Product User Profile Build ? ? ?), usually located in $ORACLE_HOME/SQLPLUS/ADMIN and the KEY table created is PRODUCT_USER_PROFILE. Don't forget to be connected as SYSTEM.

    My DB's are set as follows, ABSOLUTELY NO SQLPLUS access for USERS/DEVELOPERS on Production, but full access on Development.

    Paranoia is characteristic of being a DBA not a prerequisite!

Joe Received on Thu Jun 26 1997 - 00:00:00 CDT