Discoverer 9i security problem

I was charged to test Discoverer 9i in order to see if it's suitable for our projects.

Let's suppose we have a public Discoverer connection that allows anonymous users from the Internet to run some reports. Let's suppose we have also an EUL that contains private data and we want to give access to it through private connections only.

No problems with Discoverer Viewer: when an anonymous user connect to http://myserver.mydomain.com:port/discoverer/viewer he only sees the public connection and it's only able to use it. The priviledged users are forced to create a private connection for accessing the private EUL. Obviously they must know the database username and password, so these data are protected.

Now let's suppose that we want to build internally the worksheets for the public EUL, and we want to allow an outside user to build worksheets for the private EUL. We can restrict access to Discoverer Plus with SSO, of course, but I found out that when the outside user connects to Discoverer Plus, he will be able to build worksheets for the public connection too!

I can't believe it works like that. I'm sure there is some misunderstanding on my side about interaction between SSO and Discoverer Plus.

May you please confirm/contradict what I wrote?

Kind regards

-- 
Cris Carampa (spamto:cris119_at_operamail.com)

"Poveri fanatici comunisti, noglobal e affetti dalla sindrome
anti-microsoft" (gli utenti Linux secondo un poster di ICOD)