Re: OS_AUTHENT + LDAP
Hi Markus,
Beware that setting os_roles and remote_os_roles will allow the OS to manage the user's roles rather than the database. When a user creates a session, the user's security domain is initialised using roles from the OS. The OS then manages roles, not the database. Any roles created in the database are ignored, and any attempts to revoke roles granted by the OS are also ignored.
There is a security risk with this, in that an untrusted client could be used to enable roles to spoof privileges in the database. Also, if you intend to use roles within the database for non-LDAP users, you will have to control all users' roles from the OS if you use these parameters.
This might not help your issue but you should be aware of this.
hth
kind regards
Pete
--
Pete Finnigan
email: pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book: Oracle security step-by-step Guide - see http://store.sans.org for details.

Received on Thu Jul 24 2003 - 14:00:29 CDT
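
A check for the two parameters discussed in the post above, as an added example that is not part of the original post or the poster's own code. It assumes an account with SELECT on V$PARAMETER, DBA_USERS and DBA_ROLE_PRIVS; the wording in the `finding` column is illustrative.

```sql
-- Added example: audit whether roles are taken from the OS instead of the database.
-- Assumption: run as an account that can read V$PARAMETER and the DBA_ views.

-- 1. Current values of the two parameters named in the post.
SELECT name,
       value,
       isdefault,
       CASE
         WHEN UPPER(value) = 'TRUE' AND name = 'remote_os_roles'
           THEN 'REVIEW: OS roles are accepted from remote clients'
         WHEN UPPER(value) = 'TRUE'
           THEN 'REVIEW: the OS, not the database, manages roles'
         ELSE 'OK: not enabled'
       END AS finding
FROM   v$parameter
WHERE  name IN ('os_roles', 'remote_os_roles')
ORDER  BY name;

-- 2. Role grants made inside the database to user accounts.
--    While os_roles = TRUE these are the grants the post says are ignored,
--    so each row is a role that must also be controlled from the OS.
--    Returns no rows when os_roles is FALSE.
SELECT rp.grantee,
       rp.granted_role,
       rp.default_role
FROM   dba_role_privs rp
       JOIN dba_users u
         ON u.username = rp.grantee
WHERE  EXISTS (SELECT 1
               FROM   v$parameter p
               WHERE  p.name = 'os_roles'
               AND    UPPER(p.value) = 'TRUE')
ORDER  BY rp.grantee, rp.granted_role;
```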