Re: Implementing security

From: Steve Phelan <stevep_at_pmcgettigan.demon.co.uk>
Date: 1997/03/10
Message-ID: <33244B16.7C3E_at_pmcgettigan.demon.co.uk>#1/1

Michael Leung wrote:
>
> Hi,
>
> I would like to know what the proper way of handling user security in
> Oracle applications should be. I know that I can define an application
> role and then set the role in an application (Oracle Forms) with a password
> to limit user to access unnecessary objects. However, I find that this
> approach seems not very flexible for security management purpose because I
> need to re-compile the source code everytime I has changed the password.
>
> Please share any experience + good reference you have. Thanks in advance.
>
> Michael

Sorry, It's a long time since I used Forms, so that's out of my area. However, Roles are part of the database, so you can use them to implement a security scheme regardless of the front-end development tool.

Basically, you set up roles (collections of privileges - both system-wide and object specific) for different types of users (groups of users, if you like), and then assign those roles to your users. This will not be affected by user password changes, etc. Have a look at the Database Security section of the Oracle Server Concepts manual for a good introduction to Oracle database security.

Steve Phelan. Received on Mon Mar 10 1997 - 00:00:00 CET

This message: [ Message body ]
Next message: ARRASATE SISTEMAS: "Number of records fetched with a cursor"
In reply to Michael Leung: "Implementing security"
Next in thread: Mal Heseltine: "Re: Implementing security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message