Re: t have two problems about oracle authentication, can you help me?

From: <ldd600_at_163.com>
Date: 19 Jul 2006 23:24:14 -0700
Message-ID: <1153376654.310331.176790_at_m73g2000cwd.googlegroups.com>


Sybrand Bakker wrote:
> On 19 Jul 2006 20:46:47 -0700, ldd600_at_163.com wrote:
>
> >
> >Dave wrote:
> >> Not without more information.
> >>
> >> > 1.how do the clients transmit the identifier to Oracle before logon
> >>
> >> Over SQLNet. If you explain what you are trying to understand then a
> >> more detailed explanation may be possible.
> >>
> >> > 2.After logon Oracle,how can I lock some privileges or roles of this
> >> > user instead of revoking the roles?
> >> >
> >>
> >> What do you mean by locking privileges and roles?
> >
> >thank you very much Dave
> >1.Over SQLNet. If you explain what you are trying to understand then a
> >
> > more detailed explanation may be possible.
> >
> >I want to transmit client identifier such as ic card's number to
> >the oracle server before the logon trigger is invoked.
> >
> >2.What do you mean by locking privileges and roles?
> >
> >That means restricting db_user's privileges and roles only in the
> >session ,but not revoking them from the db_user. In this way, another
> >user who uses a different ic card but the same oracle account db_user
> >can get more privileges and roles in his session. The privileges and
> >roles have granted to the db_user before.
> >So, I can let different ic card users with the same oracle account
> >db_user have different privileges and roles. May I use the "set role
> >role1,role2 " or "dbms_session.set_role" to lock the other roles except
> >role1,role2.
>
> 1 You need the Oracle Advanced Networking Option. Other than that: No
> way
> 2 Not possible.
>
> --
> Sybrand Bakker, Senior Oracle DBA

Thanks, Sybrand Bakker.

Why is it not possible? I tried it, then got answers as follows:

SQL> conn temp/temp;
Connected to Oracle9i Enterprise Edition Release 9.2.0.1.0 Connected as temp
SQL> create role a;

Role created

SQL> create role b;

Role created

SQL> grant a to b;

Grant succeeded

SQL> grant a to scott;

Grant succeeded

SQL> conn scott/tiger;
Connected to Oracle9i Enterprise Edition Release 9.2.0.1.0 Connected as scott
SQL> set role a,resource;

Role set

SQL> select * from session_roles;

ROLE



A
RESOURCE

SQL> conn temp/temp;
Connected to Oracle9i Enterprise Edition Release 9.2.0.1.0 Connected as temp

SQL> grant a to b;

Grant succeeded

SQL> revoke a from b;

Revoke succeeded

SQL> grant a to b;

Grant succeeded

SQL> revoke a from scott;

Revoke succeeded

SQL> grant b to scott;

Grant succeeded

SQL> conn scott/tiger;
Connected to Oracle9i Enterprise Edition Release 9.2.0.1.0 Connected as scott

SQL> select * from session_roles;

ROLE



CONNECT
RESOURCE
B
A

SQL> set role a;

Role set

SQL> select * from session_roles;

ROLE



A

Can you explain what "not possible and Oracle Advanced Networking Option" means for me? I am confused.

Received on Thu Jul 20 2006 - 08:24:14 CEST
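
Added example, not part of the original thread: one way to get the per-session role restriction asked about above, assuming Oracle's secure application roles (CREATE ROLE ... IDENTIFIED USING a package), so that a role granted to the shared account can only be enabled by a package that looks up the card number. All object names except db_user are hypothetical.

```sql
-- Added example; hypothetical names: sec_admin, card_roles, role_for_card,
-- ic_role_pkg, role_clerk, role_manager. db_user is the shared account.
-- Assumption: p_card_no is whatever the client sends; nothing here authenticates it.
CREATE ROLE role_clerk   IDENTIFIED USING sec_admin.ic_role_pkg;
CREATE ROLE role_manager IDENTIFIED USING sec_admin.ic_role_pkg;
GRANT CREATE SESSION, role_clerk, role_manager TO db_user;
ALTER USER db_user DEFAULT ROLE NONE;  -- no role is enabled at logon

-- Card-to-role mapping; db_user gets no direct privilege on the table.
CREATE TABLE sec_admin.card_roles (
  card_no   VARCHAR2(32) PRIMARY KEY,
  role_name VARCHAR2(30) NOT NULL
);

-- Definer's rights: reads the mapping with sec_admin's privileges.
CREATE OR REPLACE FUNCTION sec_admin.role_for_card (p_card_no IN VARCHAR2)
  RETURN VARCHAR2 IS
  v_role sec_admin.card_roles.role_name%TYPE;
BEGIN
  SELECT role_name INTO v_role
    FROM sec_admin.card_roles
   WHERE card_no = p_card_no;
  RETURN v_role;
EXCEPTION
  WHEN NO_DATA_FOUND THEN RETURN NULL;  -- unknown card: caller rejects it
END;
/

-- Invoker's rights, so DBMS_SESSION.SET_ROLE acts on the caller's session.
CREATE OR REPLACE PACKAGE sec_admin.ic_role_pkg AUTHID CURRENT_USER IS
  PROCEDURE enable_for_card (p_card_no IN VARCHAR2);
END;
/
CREATE OR REPLACE PACKAGE BODY sec_admin.ic_role_pkg IS
  PROCEDURE enable_for_card (p_card_no IN VARCHAR2) IS
    v_role VARCHAR2(30) := sec_admin.role_for_card(p_card_no);
  BEGIN
    IF v_role IS NULL THEN
      RAISE_APPLICATION_ERROR(-20001, 'card not authorised');
    END IF;
    DBMS_SESSION.SET_ROLE(v_role);           -- enables v_role, disables the rest
    DBMS_SESSION.SET_IDENTIFIER(p_card_no);  -- visible as V$SESSION.CLIENT_IDENTIFIER
  END;
END;
/
GRANT EXECUTE ON sec_admin.role_for_card TO db_user;
GRANT EXECUTE ON sec_admin.ic_role_pkg TO db_user;

-- In the session, after the card is read:
--   EXEC sec_admin.ic_role_pkg.enable_for_card('<card number>')
```

With a plain SET ROLE, as in the transcript, the session itself chooses among all roles granted to the account; here a SET ROLE issued outside the package fails for these roles, so the choice is made by the package.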
