Re: t have two problemms about oracle authentication,can you help me?

From: Dave <solomons_dad.w.marks_and_whom_at_oracle.com>
Date: Fri, 21 Jul 2006 11:20:07 +0100
Message-ID: <M92wg.17$EE1.88_at_news.oracle.com>


ldd600_at_163.com wrote:

> Sybrand Bakker wrote:

>> On 19 Jul 2006 23:24:14 -0700, ldd600_at_163.com wrote:
>>
>>> -----------------------------------------------------------------------------------------------------------------
>>> Can you explain what "not possible and Oracle Advanced Networking
>>> Option" means for me? I am confused.
>> I don't think I'm going to waste more time on this.
>> Either you should express yourself completely or succinctly, or you
>> should not post at all. You shouldn't however, change the rules of the
>> game and complain you are confused.
>> I am as much as confused as you because your question didn't make
>> sense. There is no such concept as 'lock a role'.
>> Everyone can juggle with different sessions of the same user; in the
>> end it is the same user, with the same properties.
>>
>> --
>> Sybrand Bakker, Senior Oracle DBA
> Bakker, I'm so sorry, because English is not my native language, and my
> English is very poor. I have tried my best to express myself more
> clearly. I don't use the word "confused" to complain about something,
> I just used it to express that I didn't understand something.
> 
> I just want to specify some roles to be enabled for the current
> session. Any roles not listed are disabled for the current session.
> 

I don't think language is the issue here. "client identifier such as ic card's number" isn't going to make any sense regardless of the language in which it is expressed unless "ic card's number" is a local idiom. I've no idea what an ic is, I know what an IC is; that's short for Integrated Circuit, but as far as I know "ic" isn't an English word.

(quick sanity check performed with
http://www.answers.com/main/ntquery?gwp=13&s=ic )

Password protected roles might do what you want. But this will most likely require the application to be modified. One thing I don't understand though: if you can't modify the application, how are you planning to transmit the "ic card" info to the database?

I'm not sure what the Advanced Networking Option is called in 10g; the 8.0 ANO docs are on Oracle Technet; the following link might work:
http://download.oracle.com/docs/cd/A64702_01/doc/network.805/a58229/ch1.htm#740291

The DCE stuff (picked as an example of stuff documented in the 8.0 ANO doc) is also covered in the 10g doc:
http://download.oracle.com/docs/cd/B14117_01/network.101/b10772/toc.htm

This is possibly the doc Sybrand thinks you should read.

If you're reading this Sybrand, my feeling is that he wants to connect to Oracle with username, password and something, then have the logon trigger act on that something to set the roles for the session. Pointing him to ANO suggests you think this is possible, but ANO appears to be quite a large area so could you give one or two more clues, or possibly even a direct chapter reference? I've scanned the contents but nothing seems to jump out at me, and I haven't really got the time to read the whole manual in detail.

Rereading the following: "That means restricting db_user's privileges and roles only in the session ,but not revoking them from the db_user. In this way, another user who uses a different ic card but the same oracle account db_user can get more privileges and roles in his session."

To use password protected roles you'd need some way of translating an "ic card" into a role name and password. The application would connect to the Oracle schema then select the roles for which it has that info. This way you'd probably get the behaviour you want, if my understanding is correct.

"The privileges and roles have granted to the db_user before."

But in this solution the privileges and roles would NOT have been granted to the db_user; they would be chosen by the application after connect based on the translation from the "ic card" information.

This is all based on guesswork, so if I'm way off mark, you definitely need to provide a full and detailed explanation of exactly what you want, preferably after reading several Oracle manuals which should AT LEAST include the Oracle Database Concepts manual so that you have an idea of what terminology to use. Correct terminology is absolutely vital to clear communication, particularly when sales droids like muddying the waters by inventing their own words that are vague and often misleading (Microsoft's overuse of the .Net buzzword a couple of years ago is a prime example, leading people to all sorts of silly questions like "is my toaster .Net compatible, because listening to Microsoft it sounds like my house will implode if it isn't")

Dave.

Received on Fri Jul 21 2006 - 12:20:07 CEST
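The password protected role approach discussed in this message, sketched as an added example that is not part of the original post or thread. The role names, the `app_owner.orders` table and the placeholder passwords are hypothetical; `db_user` is the shared account named in the thread. It assumes the roles are granted to `db_user` as non-default roles, because Oracle's `SET ROLE` only enables roles the user already holds.

```sql
-- Setup, run once by a DBA.
-- Hypothetical names throughout; passwords are placeholders, not real values.
CREATE ROLE card_clerk   IDENTIFIED BY "PLACEHOLDER_clerk_pw";
CREATE ROLE card_manager IDENTIFIED BY "PLACEHOLDER_manager_pw";

-- Object privileges go to the roles, never directly to the shared account.
GRANT SELECT ON app_owner.orders TO card_clerk;
GRANT SELECT, UPDATE ON app_owner.orders TO card_manager;

-- The shared account needs CREATE SESSION directly, because no role
-- is enabled when it logs on.
GRANT CREATE SESSION TO db_user;

-- SET ROLE can only enable roles the user holds, so grant both roles,
-- then make sure none of them is switched on automatically at logon.
GRANT card_clerk, card_manager TO db_user;
ALTER USER db_user DEFAULT ROLE NONE;

-- Per session, run by the application connected as db_user.
-- Assumption: the application has already translated the card number into
-- a role name and its password; that lookup lives in the application.
-- SET ROLE enables the listed roles and disables every role not listed.
SET ROLE card_clerk IDENTIFIED BY "PLACEHOLDER_clerk_pw";

-- Verification: list the roles currently enabled in this session.
SELECT role FROM session_roles;
```

The role passwords are held by the application, so this limits a session only as far as the application and its card-to-role lookup are trusted; anyone who can connect as `db_user` and knows a role password can enable that role.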
