| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: ODBC Permissions vs. Application Permissions
Louise Weiler wrote:
> The following scenario/questions have been posed to our DBA's, and we're all
> drawing a blank.
>
> The application that I have written creates specific views of the base
> tables, and then grants a role to a user when the user is created based on
> the ways they can see the data (views). Then, no matter HOW they access the
> data (through the application, through SQL*Plus, through Excel using ODBC)
> they can see and manipulate the same data the same way (i.e., any data they
> can update through the application they can update through SQL*Plus or
> Excel).
>
> BUT, what if we want to only let people QUERY through third party products,
> but still have update/insert/delete capabilities within the application? Is
> there a way to do this (without doing the set role command within the
> application)?
>
> Thanks!
> Louise
>
> --
> -- Louise
> Louise J Weiler
> Ballston Lake, NY
If I understand you correctly ....
try having an anonymous user inside your application.
The user connects via their login, and within the Oracle database that login has read only privileges.
The application logs on twice. First, when the user logs on. It uses this logon to see what roles have been granted to the user. Or, it can query tables to see what privileges the user has been granted. Then, the application logs on again, using an anonymous login, such as P4E33ghu2300. This login has all the goodies assigned to it. The login and password are hard-coded into the application. The application dynamically figures what the user can and can't do. The user doesn't know anything about the anonymous user......
If you do this, then the developer controls what the application can access.
Hope this helps.... Received on Sun Apr 18 1999 - 23:35:40 CDT
 |
 |