Re: Reject user connect to database via SQL*PLUS ??
Date: Tue, 19 Oct 1999 10:44:23 GMT
Message-ID: <7uhi26$30c$1_at_nnrp1.deja.com>
In article <380aaa19.1927620_at_news.demon.nl>,
postbus_at_sybrandb.demon.nl (Sybrand Bakker) wrote:
> On Mon, 18 Oct 1999 04:09:22 GMT, Agi <agichen_at_my-deja.com> wrote:
>
> >Hello,theres,
> > Our users usually use discover to retrive data.
> > Can I audit the user who uses sql*plus( or other tools like
> > Access,Foxpro--via ODBC) to connect db ??
> > Or even reject the requests except Discover users ????
> >
> > Any Idea ??
> > Do appreciate for your help !!
> >Rgds,
> >Agi
> >
> >
> >
> >
> >
> >
> >Sent via Deja.com http://www.deja.com/
> >Before you buy.
> Yes you could set the init.ora parameter audit_trail to true
> and issue an audit connect statement, which would audit all
> connections. It is not possible to discriminate.
> Usually questions like this just ask for setting up roles:
> one role which has very few privileges, but it is the default role.
> The other role has all privileges associated, but it needs to be
> enabled by issuing a set role command. In ODBC the set role doesn't
> work, so those users are effectively shut out. I would expect the
> avery user is not capable of issuing set role in sql*plus.
>
> Hth,
>
> Sybrand Bakker, Oracle DBA
>
Hi,
This does not sound safe to me. what if somebody knows how to do
set role in sql*plus ?
of course, you could protect your role via passwords, but then you need
to hardcode or store that password somewhere. Not very secure either.
you could try to use the product_user_profile and product_profile
tables to lock out unwanted products.
dunno how to do that in detail - sorry.
Karsten
Sent via Deja.com http://www.deja.com/
Before you buy.
Received on Tue Oct 19 1999 - 12:44:23 CEST