Re: Interfacing LOGON procedure (WAS: Security for a group of users)

From: DanHW <danhw_at_aol.com>
Date: 15 Aug 1998 02:28:54 GMT
Message-ID: <1998081502285400.WAA25979@ladder01.news.aol.com>


>Interfacing LOGON procedure (WAS: Security for a group of users)
>From: Wolfgang.Rothmayer_at_bmw.de
>Date: Wed, Aug 5, 1998 10:42 EDT
>Message-id: <35c86f50.116222158_at_news.muc>
>
>Hi there,
>
>in my efforts to establish a security mechanism for a group user many
>newsgroup members dropped in their comments - A BIG THANK YOU TO ALL
>WHO JOINED the discussion.
>
>As I am still collecting information on this matter a new idea is to
>interface the login procedure.
>
>1. Get the user who logs into the database
>2. Check if the user is allowed to access an application (This is only
>possible if the login already took place as only then the information
>is accessible in the V$SESSION table - Does anyone have experience
>with this ?
>3. Close the connection for the user who logs in and reroute it to
>another one with more rights or setting a ROLE for this user.
>
>Is it possible to interface the login procedure in ORACLE 7.x ?
>Does anyone have experience with such things ?
>
>Many thanks in advance for any input,
>Wolfgang.

If the user has the appropriate roles GRANTED, but not ENABLED, they will not have the roles in their session until they are explicitly set via the SET ROLE command. The easiest way to accomplish this is to grant the role to the user (or to roles that are in turn granted to users), but then ALTER USER xxx DEFAULT ROLE ..., and list the ones they have by default (when they connect). Your application can determine via table lookups, etc. what roles a certain user is supposed to have and use the DBMS_UTILITY.SET_ROLE procedure to set them for the current session (I believe that is the name of it...).

I have implemented this at my client site; have been using it for 1-1/2 years on Oracle7.1 and 7.2. I actually have a Login screen that takes a parameter from the NT icon stating the app they want to run. The login program sets the roles, starts the right app, then quits.

Hope this gets you started...

DanHW

Received on Fri Aug 14 1998 - 21:28:54 CDT
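
The granted-but-not-enabled role pattern described in the reply above, as an added example that is not part of the original post or the poster's code. All object names, the lookup table and the role password are constructed placeholders; the example enables the role with DBMS_SESSION.SET_ROLE, the Oracle-supplied procedure for setting roles from PL/SQL, and protects the role with a password so a user cannot simply enable it from an ad hoc SQL session.

```sql
-- ===== DBA setup (run once). Every name below is a constructed placeholder. =====

-- Password-protect the role: without the password, a plain SET ROLE by the
-- end user in an ad hoc tool fails, so only the login program can enable it.
CREATE ROLE app_orders_role IDENTIFIED BY placeholder_role_pw;
GRANT SELECT, INSERT, UPDATE ON orders_owner.orders TO app_orders_role;

-- GRANTED, but excluded from the default set, so it is not ENABLED at connect.
GRANT app_orders_role TO app_user;
ALTER USER app_user DEFAULT ROLE ALL EXCEPT app_orders_role;

-- Lookup table the login program consults: which user may run which app.
-- End users get SELECT only; write access stays with the administrator.
CREATE TABLE sec_admin.app_access (
  username  VARCHAR2(30) NOT NULL,
  app_name  VARCHAR2(30) NOT NULL,
  role_name VARCHAR2(30) NOT NULL
);
INSERT INTO sec_admin.app_access VALUES ('APP_USER', 'ORDERS', 'APP_ORDERS_ROLE');
COMMIT;
GRANT SELECT ON sec_admin.app_access TO PUBLIC;

-- ===== Login program, connected as the end user =====

-- Check: right after connect the application role must NOT be listed.
SELECT role FROM session_roles;

-- Look up the role for the requested application and enable it.
-- Note: SET ROLE replaces the session's enabled roles with the ones named,
-- so list every role the session still needs.
-- DBMS_SESSION.SET_ROLE must be called from an anonymous block like this one;
-- it cannot be used inside a stored procedure.
DECLARE
  v_role sec_admin.app_access.role_name%TYPE;
BEGIN
  SELECT role_name INTO v_role
    FROM sec_admin.app_access
   WHERE username = USER
     AND app_name = 'ORDERS';   -- application name passed in by the launcher
  DBMS_SESSION.SET_ROLE(v_role || ' IDENTIFIED BY placeholder_role_pw');
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RAISE_APPLICATION_ERROR(-20001, 'User is not authorised for this application');
END;
/

-- Check: the application role is now enabled for this session only.
SELECT role FROM session_roles;
```

The role password has to live somewhere the login program can read it, so the protection is only as good as the storage of that secret on the client.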