Re: Access control to forms by userid?

In article <001306Z06041994_at_anon.penet.fi> an42433_at_anon.penet.fi "dlima" writes:  

> I need to have "application-level security" in my ORACLE system.
> The current system uses SQL*Forms 2.3 with ORACLE version 6 (and
> *no* use of SQL*Menu).
> The requirement is to be able to control access by various users
> to the different forms that make up the application; and if possible,
> log an audit trail access to them on the fly.
> Has anyone seen or developed something similar? And how long will
> SQL*Forms 2.3 continue to be supported?
>
> Thanks in advance
> David D'Lima
> dlima_at_tcsernet.tcs.ernet.in
>

David,

SQL*Menu does not really allow the type of security configuration you describe - a forms based 'menu driver' provides much more power.

Why not store your programs in a table, and assign individual programs to security groups. Then assign oracle users to one of these groups. You can then control access to programs via your menu driver. You should find it easy to use your menu driver to write an audit log each time it carries out an action.

I think Forms 2.3 runs on Oracle 7 but is not certified - check with Oracle to make sure, although you may find opinions differ depending on who you speak to or what you read. Given the easy conversion to 3.0 (just do a default conversion in the first instance), it would seem a good idea to move at a convenient time, ideally before you move to Oracle 7. You can convert V2 style triggers to PL/SQL bit by bit, or go with one of the automatic converters - we have used one and it worked well. But you could just as easily build a menu driver using Forms 2.3 as using Forms 3.0.

Contact me by mail if you want some more information.

-- 
Glenn Nicholas, Concept
Glenn_at_wplace.demon.co.uk
Opinions expressed are my own.