| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Security
John Jones wrote:
>
> Actually quite easy to do. Look into using "NON-Default Roles". Every User
> should be granted just the "connect" or "create session" privilege. Next
> you create a role that does the things that you want them to do. Then
> within the application you grant the new role to the user when he comes in
> with the application and then take it away when he quits the application.
> With just the connect privilege, they will be able to use SQL*plus or other
> tool to connect, but will no privileges or roles to do any thing else.
>
> John Jones
> Senior Oracle DBA
> Duke University, OIT
> john.jones_at_duke.edu
>
> Miha ®nidar¹iè <miha.znidarsic_at_ixtlan-team.si> wrote in message
> news:BPlB4.1357$ep.42902_at_news.siol.net...
> > We have a security problem. We have a aplication and we would like to
> > disable some users to connect to DBMS ouside our aplication. With SQLPlus
> > this is possible throuhg PRODUCT_USER_PROFILE table, problem are other
> > tools. Has someone done something like this and how?
> >
> >
> > Miha ®nidar¹iè
> >
> >
> >
'CONNECT' probably has a lot more power than you want to be giving to the average end-user. Why Oracle called it 'CONNECT' I'll never fathom.
HTH
-- =========================================== Connor McDonald http://www.oracledba.co.uk We are born naked, wet and hungry...then things get worseReceived on Mon Mar 20 2000 - 00:00:00 CST
 |
 |