Re: Selectively Control ODBC Access? How?

<snip>
> As another posting suggested, you can enable roles dynamically. To do
this,
> GRANT the roles to the users, but set the default roles to exclude
most (or all
> the "dangerous" ones). When they start up the "good" application, use
the
> DBMS_SESSION.SET_ROLE to enable the rest of them.
>
> This assumes that you can control the "good" program, or at least
start up a
> form (a login form for example) , that can start the "good" program.
>
> You can appease them perhaps, by creating roles with select access
against the
> tables, and granting these roles and having them be in the list of
default
> roles.
>
> Hope this helps
>
> Dan Hekimian-WIlliams

This is the easiest solution if, as Dan said, you have some control over the good app. If not then the absolutely secure way is said to be to write your own server-side triggers ("instead of" triggers) which rigourously control Insert/Edit/Delete on your tables. You then do not grant ANY access priviliges to any user, you just grant Execute priviliges to your Triggers. They can access the data with any tool they fancy, but can't do any harm because your integrity checks are water-tight! To me this sounds thoroughly safe, - and a lot of work! BTW this isn't just an Oracle problem, I have the same trouble with people trashing FoxPro .DBF tables with Access or Approach or Lotus-123 or w.h.y.
Good Luck - AndyD 8-)# "The second millennium of the Christian era ends at midnight on 31st December 2000AD"

Sent via Deja.com http://www.deja.com/
Before you buy. Received on Thu Nov 18 1999 - 16:55:40 CET