Re: Autorisation in ODBC for Oracle 7.3
In the particular example I was referring to, sqlplus was not installed on
end-user PCs, the client being written in PowerBuilder. It also appeared that
issuing the set role statement from Access in a pass-thru query ran in a
separate session, not affecting the session the user originally started.
I doubt whether you will provide sqlplus to many users; in projects I have been
in, this was not customary. Your remarks are correct, but obviously you are
referring to hacking.
Best Regards,
Sybrand Bakker, Oracle DBA
Nina Wiesemann wrote:
> The disadvantage of the SET ROLE statement is that every user can use it
> from SQL*Plus, for example, and set her roles. Now you can argue that you can
> protect the role with a password so you have to use SET ROLE with the
> appropriate password to activate a role. Disadvantage: with a trace tool
> you can spy out the statement including the password.
>
> N. Wiesemann
>
> ----------
> In article <36FAA621.53114580_at_sybrandb.demon.nl>, Sybrand Bakker
> <postbus_at_sybrandb.demon.nl> wrote:
>
> >Answers below embedded
> >
> >Hth,
> >
> >Sybrand Bakker, Oracle DBA
> >
> >Martijn Oudeman wrote:
> >
> >> I am a user of an ODBC driver for an Oracle 7.3 database. I use the driver
> >> in combination with Excel. I have two questions.
> >>
> >> 1.
> >> Is it possible within ODBC to disable insert, update and delete
> >> privileges for a certain user? The user does have these privileges while
> >> using the original application for which the database was built.
> >>
> >
> >If the user owns the table it is not possible. If the user doesn't own the
> >table, and has privilege through non-ODBC applications, it's simple:
> >create a role that has select privilege only. This is the only role that
> >should be the default role. Create other role(s) with the other privileges.
> >These should not be on by default, and need to be enabled by set role
> >statements.
> >
> >
> >>
> >> 2.
> >> Is it possible to incorporate horizontal database authorisation through
> >> ODBC without using VIEWS on the original tables?
> >> If not, how can I manage that a certain user can only read data from a
> >> database when the retrieved records meet certain conditions (derived
> >> from the user name of other database tables)?
> >
> >create view xyz
> >as select * from table
> >where user_column = user
> >The right hand user is a pseudo column returning the currently logged on
> >user
> >
Received on Sat Mar 27 1999 - 11:17:17 CST
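
The role split and the USER-filtered view described in the quoted answers, written out as Oracle SQL together with the checks a DBA would run afterwards. This is an added example, not part of the original posts; the names app_owner, app_user, orders, orders_read, orders_write, my_orders and the password are constructed placeholders.

```sql
-- Constructed setup: table ORDERS is owned by APP_OWNER, not by the end user
-- (the thread notes the scheme cannot work if the user owns the table).

-- Row filter: each user sees only rows whose USER_COLUMN matches the login name.
CREATE VIEW app_owner.my_orders AS
  SELECT * FROM app_owner.orders WHERE user_column = USER;

-- Read-only role: the only role enabled by default, so an ODBC client such as
-- Excel or Access gets SELECT on the filtered view and nothing else.
CREATE ROLE orders_read;
GRANT SELECT ON app_owner.my_orders TO orders_read;

-- Write role: granted to the user but not enabled by default, and protected
-- by a password as discussed in the thread.
CREATE ROLE orders_write IDENTIFIED BY placeholder_pw;
GRANT INSERT, UPDATE, DELETE ON app_owner.orders TO orders_write;

GRANT orders_read, orders_write TO app_user;
ALTER USER app_user DEFAULT ROLE orders_read;

-- Issued by the original application in its own session after connecting.
-- SET ROLE affects only the session that runs it; the password travels in the
-- statement text, which is the trace-tool exposure raised in the thread.
SET ROLE orders_read, orders_write IDENTIFIED BY placeholder_pw;

-- Check 1 (as the connected user): which roles are active in this session.
SELECT role FROM session_roles;

-- Check 2 (as DBA): only ORDERS_READ should show DEFAULT_ROLE = 'YES'.
SELECT granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'APP_USER';

-- Check 3 (as DBA): no object privileges granted directly to the user,
-- because direct grants are active regardless of which roles are enabled.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'APP_USER';
```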