| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Autorisation in ODBC for Oracle 7.3
Hi,
1)
When a user has certain rights on tables she has the same rights from
SQLPlus, ODBC or whatever.
You could create a table where your application inserts the SID of the user
on logon.
For every table you should write an insert-update-delete-trigger. If the
current SID is not in the Table you could raise an application error.
Disadvantage : When the user finds out how to use this table from ODBC this
mechanism does not work anymore.
Better approach : Use one standard user to log into the database from within your application. Only this user has all write privileges on your tables. Provide some read-only views to the users they can access with their database-privileges.
2)
Without a view it seems to be impossible
N. Wiesemann
>I am a user of a ODBC driver fro a Oracle 7.3 database. I use the driver
>in combination with Excel. I have to wuestions?
>
>1.
>Is it possible within ODBC to disable insert, update and delete
>priveleges for a certain user. The user does have these priveleges while
>user the original application for which the database was build.
>
>2.
>Is it possible to incorporate horizontal database autorisation through
>ODBC without using VIEWS on the original tables?
>If not, how can I manage that a certain user can only read data from a
>database when the retreived records meet certain conditions (derived
>from the user name of other database tables) ?
Received on Thu Mar 25 1999 - 13:56:29 CST
 |
 |