Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: client/server to oracle

Re: client/server to oracle

From: PaulCinVT <paulcinvt_at_aol.com>
Date: 28 Sep 1999 15:21:33 GMT
Message-ID: <19990928112133.08718.00001478@ngol04.aol.com>


A simpler method to restrict access from adhoc query tools

--demonstration table...

CREATE TABLE DEPT3_15 (
    DEPT_NO NUMBER(10),
    DEPT_NAME VARCHAR2(30));
--demostration user...

CREATE USER MARY IDENTIFIED BY MARY; CREATE ROLE SELECT_ROLE; CREATE ROLE UPDATE_ROLE IDENTIFIED BY SECURE; GRANT SELECT ON DEPT3_15 TO SELECT_ROLE; GRANT SELECT, INSERT, DELETE, UPDATE ON DEPT3_15 TO UPDATE_ROLE; GRANT SELECT_ROLE, UPDATE_ROLE TO MARY; ALTER USER MARY
DEFAULT ROLE ALL EXCEPT UPDATE_ROLE; Insert program code to enable the role into applications allowed to modify data.

BEGIN
   DBMS_SESSION.SET_ROLE('UPDATE_ROLE IDENTIFIED BY SECURE'); END; The downside of this all other roles are now disabled :-(

so...you do something like...

DECLARE
CURSOR C1 IS
   SELECT GRANTED_ROLE
   FROM USER_ROLE_PRIVS;
TMP VARCHAR2(100);
ISENABLED BOOLEAN;
BEGIN
   TMP := 'UPDATE_ROLE IDENTIFIED BY SECURE';    FOR I IN C1 LOOP

     ISENABLED := DBMS_SESSION.IS_ROLE_ENABLED(I.GRANTED_ROLE);
     IF ISENABLED AND I.GRANTED_ROLE != 'MARKETING' THEN
           TMP := TMP||', '||I.GRANTED_ROLE;
      END IF;

   END LOOP;
   DBMS_SESSION.SET_ROLE(TMP);
END; Paul in VT Received on Tue Sep 28 1999 - 10:21:33 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US