Re: session control

From: J Alex <jalexanderssd_at_yahoo.com>
Date: Wed, 01 Jan 2003 00:09:04 GMT
Message-ID: <AkqQ9.191379$Db4.5392653_at_twister.tampabay.rr.com>


"pradip_chanda" <member_at_dbforums.com> wrote in message news:2310094.1040545277_at_dbforums.com...
>
> I have an application (IDS -Forms) ithrough which when a user logs in ,
> gets permission to insert/update tables. But this permission he does not
> have otherwise. This was done so that a user is not able to edit tables
> through any applicationsn (e.g. sqlplus) other than the forms.
>
> But if the user has already got a running session through the above
> mentioned application he can login & edit tables through 'sqlplus'. This
> I don't want. By database is Oracle 8i Enterprise Edition 8.1.7.
>
> Any idea!
>

Yes, don't do a direct grant on the tables. Create a role with those grants, then grant the role to the user but change the setting so that it is NOT a default role. This means when the user logs in he will not have the role. Then modify the initial form to grant the role for that session. For the forms, he'll have the role, but if the user goes into SQL*Plus or Excel or whatever he won't have the role.
This is a standard security technique well documented in the Forms doc. Received on Wed Jan 01 2003 - 01:09:04 CET

Original text of this message