Re: What driver is connecting to my database?

Ben wrote:
> EdStevens wrote:
> >
> > There is no way that I know of to do the specific thing you are asking
> > - to enforce an interface driver to take care of your security. Sure,
> > some drivers have a 'read-only' property that can be turned on. And it
> > can just as easily be turned off. And who has control of the setting
> > of that property? Probably not the DBA.
> >
> > The key is in your statement "If any of our users want to use MS Access
> > to connect to our database they are SUPPOSED to use that driver with
> > linked tables." (emphasis mine). And if they choose not to use that
> > driver? And if they choose to use the Oracle or MS driver, and not
> > turn on the 'read-only' attribute?
> >
> > This really does need to be handled in the DB itself. Previous DBA
> > didn't do it? Now that you're the DBA (regardless of your title) you
> > can and should fix it correctly. That would be to revoke any
> > insert/delete/update capability from the userid making the connection.
> >
> >
> > Are these users using a single Oracle userid, or do each of them have
> > their own? Either way, if they are using a userid that elsewhere has a
> > legitimate need to be able to modify data? If not, simplly revoke all
> > privileges except CREATE SESSION and object privilge of READ on the
> > specific tables they need.
>
>
> I agree fully, and I have started trying to migrate to a better
> security design. When I started working with it, we had two base users
> that connected through the ERP. One had access to all tables in our ERP
> schema and the other was supposed to be restricted and not allowed to
> view our HR tables. The users were given individual object grants and
> roles, but it was just a mess, with some of the objects being granted
> to both users and the roles and some being only to the roles and one
> user, etc. I've been trying to clean it up.
>
> I do understand that those users that are connecting should have
> restricted access to tables. I guess I was more curious in wanting to
> find out how many users are actually connecting via the Ora92
> driver/connection and how many were using the ERP ODA.
>
> Thanks for all the input, once again.

Sometimes you can get some useful information out of the the listener.log, if you have it turned on. Also, if you are technical, you can turn on sqlnet tracing. IIRC, there are docs at metalink that explain how to do and interpret those kinds of traces. You may not be able to know which driver, but sometimes date/time, program and user information can point you in the right direction. Funnily enough, I just took a gander at my log just because I was writing this, and discovered someone was using a new tool that had been laying about unused for a while - then shortly after that, an IS manager started using the tool... :-) Most of the connections to my production db are local, though, so OEM or v$ are my friends.

jg

--
@home.com is bogus.
http://www.signonsandiego.com/news/business/20060908-1407-gateway-ceo.html