Re: Advice : Security on Oracle - set role at application

From: Larry Fishman <larryf_at_teleport.com>
Date: 1995/06/21
Message-ID: <3s9ghq$rv5_at_linda.teleport.com>#1/1


We had a similar situation, and what we did is what you describe here.
- A user has a 'viewer' type default role which has 'select' only access to objects.
- Within the application we execute a 'set role' command. This role, write-enabled to particular objects, is password protected.

We did the no-no of hardcoding this password into the application itself. We could not come up with a way of getting around putting the password in an easily modifiable area (so it could be easily changed by an administrator) at the time. There should be a way to do this using packages/procedures which have public/private areas, where the owner of the package has an 'administrator' user id so it can access a table only the administrator has access to.

xxxxx (yyyyy_at_hk.linkage.net) wrote:
: Our company uses VB as a development tool and Oracle on Windows NT as the backend.
 

: There is a security policy suggested by the menu 'Application Developer Guide'
: from Oracle. In order to prevent the use of ad hoc tools, such as SQL Plus, to access
: the database and perform destructive actions, the default role should be
: non-destructive, or all roles should be disabled after logon. When the user runs
: the application, the application should issue 'set role' to give the right
: privileges to perform the task.
 

: The idea is great, but how can I 'set role' through the application?
: Your comment is appreciated!

: Best Regards,

: Phyllis Wong
: wphyllis_at_hk.linkage.net

-- 
Received on Wed Jun 21 1995 - 00:00:00 CEST
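
The two approaches discussed in this thread, as an added example that is not part of the original posts: (1) the password-protected role with the password held by the client, and (2) a role enabled through a procedure instead of a password, using Oracle's secure application roles (`CREATE ROLE ... IDENTIFIED USING`), a feature of later Oracle releases. All schema, role and user names, the placeholder password, and the IP-address policy are assumptions for illustration.

```sql
-- Added example. All schema, role and user names are hypothetical.

-- Read-only default role: an ad hoc SQL*Plus logon can only SELECT.
CREATE ROLE app_viewer;
GRANT SELECT ON app_owner.orders TO app_viewer;

-- (1) Pattern from the thread: a password-protected write role.
CREATE ROLE app_writer IDENTIFIED BY placeholder_pw;   -- placeholder value
GRANT INSERT, UPDATE, DELETE ON app_owner.orders TO app_writer;
GRANT app_viewer, app_writer TO app_user;
ALTER USER app_user DEFAULT ROLE app_viewer;

-- Sent by the application after logon. The password has to live in the
-- client, so anyone who recovers it can issue the same statement in SQL*Plus.
SET ROLE app_viewer, app_writer IDENTIFIED BY placeholder_pw;

-- (2) Secure application role: no password. The role can be enabled only
-- from inside the named procedure, which must be invoker's rights.
CREATE ROLE app_writer_sar IDENTIFIED USING app_sec.enable_writer;
GRANT INSERT, UPDATE, DELETE ON app_owner.orders TO app_writer_sar;
GRANT app_writer_sar TO app_user;
ALTER USER app_user DEFAULT ROLE app_viewer;   -- keep the write role non-default

CREATE OR REPLACE PROCEDURE app_sec.enable_writer
  AUTHID CURRENT_USER
AS
BEGIN
  -- Assumed policy: only sessions arriving from the application server's
  -- address (constructed documentation address) may enable the write role.
  IF SYS_CONTEXT('USERENV', 'IP_ADDRESS') = '192.0.2.10' THEN
    DBMS_SESSION.SET_ROLE('app_viewer, app_writer_sar');
  END IF;
  -- Otherwise do nothing: the session keeps its read-only default role.
END;
/
GRANT EXECUTE ON app_sec.enable_writer TO app_user;

-- The application calls this after logon instead of SET ROLE ... IDENTIFIED BY:
BEGIN
  app_sec.enable_writer;
END;
/
```

In variant (2) the check inside the procedure replaces the shared secret, so the policy it enforces has to be something a desktop SQL*Plus session cannot satisfy; the address test shown assumes sessions reach the database through an application server.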
