Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Restricting access to Source of procedures
You also have a third option.
What this does:
Since the role is not a default role, it is not enabled automatically when a
user logs into SQLPlus. Since it is password protected, they cannot turn it
on in SQLPlus. Therefore, within SQLPlus they will not have any privileges
to roles.
However, within Forms you are going to enable the role, so within their
forms sessions, users will have the ability to execute procedures.
I think you can search Forms HELP (try looking under 'session'). It gives a
pretty good write-up of how to implement.
Also, if your reports call procedures, then you'll need to pass the enabled
role with password as a parameter to the report (there is a specific 'run as
role' parameter that you use for this).
I have used both this method and the encryption method for security. Both
worked very well, although the encryption makes things difficult for
developers since they can't use dba_source to check what code is in
production. You may want to only encrypt the more sensitive code.
Allan Morris <allan.morris_at_actfs.com.au> wrote in message news:3934984F.3BD6F7D8_at_actfs.com.au...