Re: Avoiding use of other Oracle client

From: DanHW <danhw_at_aol.com>
Date: 03 Dec 1999 05:49:52 GMT
Message-ID: <19991203004952.26891.00000230_at_ng-cr1.aol.com>

>Hi,
>I have developed an application were the security access is
>determined programmaticaly; but if a user decides to install
>a client for the Oracle database, it could access all data.
>�Is there a way to avoid user use other client instead of
>my application?
>
>
If you are using the set_role to grant the access, then the user has the grants granted, but that does not mean they are enabled.

Once a role is granted to a person, you can specifiy if that role is enabled (by default, all are). I believe the syntax is

alter user default role xyz;

Now when they log in, even though they may have lots of roles granted, the only one "active" is xyz. Define the default roles to be enough to open your app and do the security, but not see/update/etc the data. When they login thorugh another app, they will get just the default role, which you have designed so that is has no access to the data.

Hope this helps

Dan Hekimian-Williams Received on Fri Dec 03 1999 - 06:49:52 CET

This message: [ Message body ]
Next message: DanHW: "Re: How to specify the "AT DB_NAME" in Connect Remote Database in Por*C"
Previous message: DanHW: "Re: What's FASTEST way to IMPORT Massive amounts of TRANSACTIONAL DATA? (Non-SQL*Loader)"
In reply to: Sex_appeal: "Avoiding use of other Oracle client"
In reply to Sex_appeal: "Avoiding use of other Oracle client"
Next in thread: DanHW: "Re: How to specify the "AT DB_NAME" in Connect Remote Database in Por*C"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message