Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Autorisation in ODBC for Oracle 7.3

Re: Autorisation in ODBC for Oracle 7.3

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Sat, 27 Mar 1999 18:17:17 +0100
Message-ID: <36FD129D.CBE02672@sybrandb.demon.nl> 





In the particular example I was referring to, sqlplus was not installed on
end-user pcs, the client being written in Powerbuilder. It also appeared that
issuing the set role statement from Access in a pass-thru query ran in a
separate session, not affecting the session the user originally started.
I doubt whether you will provide sqlplus to many users, in projects I have been
in, this was not customary. Your remarks are correct, but obviously you are
referring to hacking.



Best Regards,



Sybrand Bakker, Oracle DBA



Nina Wiesemann wrote:



> The disadvantage of the SET ROLE statement is, that every user can use it


> from SQLPLus for example and set her roles. Now you can argue that you can


> protect the role with a password so you have to use SET ROLE with the


> appropriate password to activate a role. Disadvantage : With a trace tool


> you can spy out the statement including the password.


>


> N. Wiesemann


>


> ----------


> Im Beitrag <36FAA621.53114580_at_sybrandb.demon.nl>, Sybrand Bakker


> <postbus_at_sybrandb.demon.nl> schrieb:


>


> >Answers below embedded


> >


> >Hth,


> >


> >Sybrand Bakker, Oracle DBA


> >


> >Martijn Oudeman wrote:


> >


> >> I am a user of a ODBC driver fro a Oracle 7.3 database. I use the driver


> >> in combination with Excel. I have to wuestions?


> >>


> >> 1.


> >> Is it possible within ODBC to disable insert, update and delete


> >> priveleges for a certain user. The user does have these priveleges while


> >> user the original application for which the database was build.


> >>


> >


> >If the user owns the table it is not possible. If the user doesn't own the


> >table, and has privilege through non-ODBC applications it' simple:


> >create a role that has select privilege only. This is the only role that


> >should be the default role. Create other role(s) with the other privileges.


> >These should not be on by default, and need to be enabled by set role


> >statements.


> >


> >


> >>


> >> 2.


> >> Is it possible to incorporate horizontal database autorisation through


> >> ODBC without using VIEWS on the original tables?


> >> If not, how can I manage that a certain user can only read data from a


> >> database when the retreived records meet certain conditions (derived


> >> from the user name of other database tables) ?


> >


> >create view xyz


> >as select * from table


> >where user_column = user


> >The right hand user is a pseudo column returning the currently logged on


> >user


> >








Received on Sat Mar 27 1999 - 11:17:17 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US