Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Ids and passwords for application users

RE: Ids and passwords for application users

From: Richard Huntley <rhuntley_at_mindleaders.com>
Date: Tue, 30 Jul 2002 11:19:58 -0800
Message-ID: <F001.004A6544.20020730111958@fatcity.com> 





Peter,



not clear on if the database is going to be used by developers doing
development work or will an application use it and you'll have up to 300
application users?



If it's an application, how about making one account that owns all of the DB
objects, another generic account on top of that which you grant access to
execute


packages, select on tables, etc...so that it can access the objects owned by
real account


but has limited abilities accept through privileges it's been granted. That
is,



app_owner - owns all DB objects


app_user - owns no DB objects, but has restricted access to objects owned by
PRODUCTION



tech_support - granted select privileges only
user1/user1, user2/user2, etc... - id's and passwords stored in a table,
password encrypted



When a user needs access to the application, they give login/password as
user1/user1, but the 


application uses the APP_USER account, to look in the table that stores the
logins to see if the


user is valid, and if so, the application loads, if not they're denied
access.



HTH



-----Original Message-----


Sent: Monday, July 29, 2002 4:59 PM


To: Multiple recipients of list ORACLE-L




I am in the process of designing a small database which may have
as many as 250 to 300 users.  We are reaching a stage where we need
to decide how we will control access to this database.  As I see it
we have two options:



    
  
  1.   Provide a single hidden login for the entire application and control
access to the applicaiton itself either by "roll your own" security or
using the operating system (UNIX) controls.

  
  2.   Create ids for the users in Oracle and grant them access
to the necessary tables using roles.






Any opinions or alternate suggestions?



thanks,



Peter Schauss


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Schauss, Peter


  INET: SCHAUPE_at_mail.northgrum.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).





-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: Richard Huntley


  INET: rhuntley_at_mindleaders.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Jul 30 2002 - 14:19:58 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US