Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Application userid security

From: Jonathan Lewis <jonathan_at_jlcomp.demon.co.uk>
Date: Mon, 15 Apr 2002 14:51:45 +0100
Message-ID: <1018878660.16473.1.nnrp-08.9e984b29@news.demon.co.uk>

Since I'm coming in late on this, perhaps this has already been said.

Oracle 8.1 onwards supplies a PROXY USER functionality (from OCI only). That allows a trusted user ID to become other users without knowing their password.

Create tables as APP_OWNER, then revoke connect.
Grant suitable privileges to END_USERxxx.
Create user APP_LOGIN with BECOME USER privilege and CONNECT privilege.

alter user END_USERxxx
grant connect through APP_LOGIN;

APP_LOGIN can log in but do nothing
to the data.

END_USERS can log in and hack the data
but are identifiable.

End-users attaching to the database can
otherwise be made to connect through an
application module that has logged in as APP_LOGIN, which then becomes the
end user for the purposes of accessing
the database.

The only 'public' password is APP_LOGIN, but it has no privilege to access the data.

--
Jonathan Lewis
http://www.jlcomp.demon.co.uk

Author of:
Practical Oracle 8i: Building Efficient Databases

Next Seminar - Australia - July/August
http://www.jlcomp.demon.co.uk/seminar.html

Host to The Co-Operative Oracle Users' FAQ
http://www.jlcomp.demon.co.uk/faq/ind_faq.html



Ed Stevens wrote in message <3cbac65b.5661110_at_ausnews.austin.ibm.com>...

>On Fri, 12 Apr 2002 21:28:18 GMT, Richard Kuhler <noone_at_nowhere.com> wrote:
>
>
>That pretty well sums it up. Looks like I'm headed back to the drawing board,
>and more analysis of how the access is controlled on the mainframe, since that
>is what management wants to replicate/emulate.
>
>- Ed
Received on Mon Apr 15 2002 - 08:51:45 CDT
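
The setup described in the message above, written out as SQL with dictionary checks that confirm the privilege split. This is an added example, not part of the original post. The ORDERS table, the END_USER001 name, the USERS tablespace, the passwords and the use of CREATE SESSION in place of the CONNECT role are assumptions; run it from a DBA account.

```sql
-- Added example: all names and passwords below are placeholders.

-- 1. Schema owner: holds the tables, loses the right to log in afterwards.
CREATE USER app_owner IDENTIFIED BY "Placeholder_owner_1"
  QUOTA 10M ON users;                      -- USERS tablespace is assumed
GRANT CREATE SESSION, CREATE TABLE TO app_owner;

CREATE TABLE app_owner.orders (
  order_id  NUMBER        PRIMARY KEY,
  customer  VARCHAR2(40)  NOT NULL,
  amount    NUMBER(10,2)
);

REVOKE CREATE SESSION FROM app_owner;      -- the "revoke connect" step

-- 2. A named end user with only the object privileges the job needs.
CREATE USER end_user001 IDENTIFIED BY "Placeholder_user_1";
GRANT CREATE SESSION TO end_user001;
GRANT SELECT, INSERT, UPDATE ON app_owner.orders TO end_user001;

-- 3. The application login: may connect, holds no object privileges.
CREATE USER app_login IDENTIFIED BY "Placeholder_app_1";
GRANT CREATE SESSION, BECOME USER TO app_login;

-- 4. Let APP_LOGIN open sessions as the end user without that user's password.
ALTER USER end_user001 GRANT CONNECT THROUGH app_login;

-- 5. Checks on the resulting privilege split.
-- Which users APP_LOGIN is allowed to become:
SELECT proxy, client FROM proxy_users WHERE proxy = 'APP_LOGIN';

-- APP_LOGIN must hold no object privileges on the application tables:
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'APP_LOGIN';

-- APP_OWNER must no longer hold CREATE SESSION:
SELECT privilege FROM dba_sys_privs WHERE grantee = 'APP_OWNER';

-- Inside a proxied session, both identities are visible for auditing:
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS acting_as,
       SYS_CONTEXT('USERENV', 'PROXY_USER')   AS connected_through
  FROM dual;
```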
