Re: restricting users

Maybe you can check the product_user_profile file. I don't know how you can prevent someone to connect to SQL*Plus but at least you can prevent them from using some commands.

In product_user_profile, you can set the product to 'SQL*Plus', the userid to your user (you can even put % sign for all users), the attribute would be the command the user cannot access ('SELECT', 'UPDATE', 'CONNECT', etc.) and the char_value would be 'DISABLED'.

I know it's not exactly what you want but it's a start!

Johanne

Cor a écrit dans le message <3803792F.1B0E_at_wxs.nl>...
>Hi,
>
>I'm trying to find a way to restrict users in how they can connect to
>the ORACLE database. I want them to be able to connect from applications
>only, using Forms and Reports. For security reasons, I do not want them
>to be able to connect through any other tool, especially SQL+ of course.
>
>It needs to be done on DB-level, using a trigger or something.
>
>Seems quite hard: I don't want to create a job that fires every 5
>seconds to check if there is a record in V$SESSION that has a USER
>connected with a PROGRAM that I do not allow, and than disconnects that
>session by the ALTER SYSTEM DISCONNECT SESSION (id).
>For performance-reasons, that seems a bad plan.
>
>Other ideas so far that didn't work out: AUDIT CONNECT BY (all users),
>and build a PRE-INSERT trigger on SYS.AUD$. Don't work since you can't
>put triggers on SYS"s objects. Also: AUDIT INSERT ON V$SESSION and then
>check for the right program don't work since SYS-actions can't by
>audited. Also: messing with the login-scripts for SQL+ (adding "EXIT")
>for the users won't do because users can edit those files.
>
>Well... somebody, anybody knows how to fix this?
>
>I'd be very, very thankfull for every hint.
>
>Greetings from a rainy Netherlands,
>Cor.
Received on Tue Oct 12 1999 - 14:33:45 CDT