Here's another suggestion. Give the group user CREATE SESSION, but assign
all of the object privileges to a ROLE. Grant the ROLE to the group user,
but do not define it as a default role.
Inside your application you can issue a SET ROLE command to activate the
permissions. The ROLE can also be protected with a password.
Wolfgang.Rothmayer_at_bmw.de wrote in message <35bc7609.14804447_at_news.muc>...
>Hi there,
>
>we are seeking for a security mechanism to hinder the use of sqlplus
>for a group of users. No user of this group should be able to execute
>a SQL command if logged in into a database.
>
>On the other hand, we have a NT app where this user group gets logged
>in into this database. Login is done via a group user as the
>administration effort to handle each user differently is to high.
>
>Our aim is to minimize the adminstrative effort to change the password
>for the "group user".
>
>Any input is greatly appreciated.
>
>Wolfgang.
Received on Wed Jul 29 1998 - 07:28:38 CDT
