Re: OS authenticated vs. Known passwords

On 27-Jan-99 15:47:45 Tommy Wareing wrote:

>We're getting two new machines. One's going to be a database server,
>one's going to be the user server.

>So users will telnet to one box, and run character mode forms 4.5,
>connected via SQL*NET to the server.
>We also have some users using SQL*NET directly from their PCs to
>connect to Oracle accounts with select only access.

>We do not want the users to have access to Oracle accounts that can
>modify the database with out them being forced to use our forms.

>How do we arrange this? It gets hard to even describe the problem...

Hello Tommy,
try using roles for this:

We have a role called db_user that allows access to the database. This role has a password and it isn't the default role for our users. The users themselves just have minimal privileges to connect to the database (i.e. create session).
When they connect via SQL*Plus, they are connected but cannot do much harm.
Only if they use our application they have access to the data. The application issues a set role command when it starts. This way the users can have thier own Oracle password. They just must not know the password for the role.
Even our developers do not need t because they have db_users as thier default role.

Hope that helps,
Lothar

--

Lothar Armbrüster       | lothar.armbruester_at_rheingau.netsurf.de
Schulstr. 12            | lothar.armbruester_at_t-online.de
D-65375 Oestrich-Winkel |