Pedro Lopes wrote:
> The most rich feature to control this is Database Vault.
>
> Although it's only available on 10gR2 and not on all platforms yet (I
> think only on Linux and Solaris right now).
>
> With DBVault you can define factors and rules like, for example :
>
> The DBA (yes, even the DBA) only can access from the IPAdress "x"
> between 06AM to 08PM to a certain schema or tables. He can't also
> execute alter session. :)
>
> DBVault deserves a closer look :)
>
> http://www.oracle.com/technology/deploy/security/db_security/database-vault/index.html
>
>
> On the same page there is a viewlet :
>
> Restrict DBA commands based on IP address
> http://www.oracle.com/technology/deploy/security/db_security/viewlets/demo7_viewlet_swf.html
>
>
> regards,
> Pedro
>
>
>
> rspai9_at_gmail.com wrote:
>> We are trying to restrict access to the database depending on a
>> combination of accessing machine's ip address and oracle username eg.
>> user jack should be allowed to access only from the ip address
>> 10.0.11.72 and not from any other ip address? Is this possible?
>>
>> Thanks in Advance for the Help.
>> Regards, Raj
This type of control can be created by coding using the SYS_CONTEXT
function all the way back to 9i and is also available in with the
ADVANCED SECURITY option.
--
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Sun Nov 19 2006 - 12:46:56 CST
