Go to the FreeLists Home Page Home Signup Help Login 		 



Browse oracle-l: This Month's ArchiveMain Archive PageRelated postsPrevious by DateNext by Date

RE: disabling a role via a logon trigger

  • From: DENNIS WILLIAMS <DWILLIAMS@xxxxxxxxxxxxx>
  • To: JBECKSTROM@xxxxxxxxx, oracle-l@xxxxxxxxxxxxx
  • Date: Tue, 2 Nov 2004 13:12:49 -0600 
Jeffrey - I'm going to suggest something simpler. It may not work in your
environment. An end user should not have the password the application is
using. I have many third party applications here. Normally there is an
application administrator. I will share the password with that person with
the understanding that they will not share it with anyone else. If an end
user needs to use SQLPlus or another application, then I create them a
separate login. Consider just changing the application password and not
giving the password to anyone else.

Dennis Williams
DBA
Lifetouch, Inc.

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Jeffrey Beckstrom
Sent: Tuesday, November 02, 2004 6:10 AM
To: oracle-l@xxxxxxxxxxxxx; ORACLE-L@xxxxxxxxxxxxx; oracledba@xxxxxxxxxxx;
stant_98@xxxxxxxxx; oracle-rdbms@xxxxxxxxxxxxxxx
Subject: Re: disabling a role via a logon trigger

That would mean having to setup a policy on every table in the system.
>>> Alex <stant_98@xxxxxxxxx> 11/1/04 10:26:15 PM >>>
I hope this cak help you solve this. Take a look at Metalink note#
67977.1. It talks about Fine Grain Access Control (FGAC). The note also
gives some examples on how to set it up, which isn't very complex.

HTH
Jeffrey Beckstrom <JBECKSTROM@xxxxxxxxx> wrote:
We are running a third party application for which the users are
granted
a role. The role allows the users to update the table applications
tables. The problem is that I do not want a user being able to do an
update outside of the application. I thought I came up with a solution
to this by disabling the role if the the terminal running the
application is not one of the servers we expect, i.e. if the
connection
was via sqlplus from a users PC, the terminal id would not match and I
would disable the role. If the user was granted other roles to view
the
tables, those would remain, just the update role would be disabled.

However, I now find that a database "on logon" trigger can not disable
a role. The procedure that I was calling from the trigger to do the
disable had authid current user but the problem is the trigger.

Is there any way to disable a role from a trigger, or is there some
other way I can disable the role. We do not want users being able to
update tables outside of the application.

Jeffrey Beckstrom
Database Administrator
Greater Cleveland Regional Transit Authority
1240 W. 6th Street
Cleveland, Ohio 44113

--
http://www.freelists.org/webpage/oracle-l 

            
---------------------------------
Do you Yahoo!?
Check out the new Yahoo! Front Page.  www.yahoo.com/a 

--
http://www.freelists.org/webpage/oracle-l 




--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l

Other related posts:

  • disabling a role via a logon trigger
  • Re: disabling a role via a logon trigger
  • Re: disabling a role via a logon trigger
  • Re: disabling a role via a logon trigger
  • Re: disabling a role via a logon trigger
  • RE: disabling a role via a logon trigger
  • Re: disabling a role via a logon trigger
  • Re: disabling a role via a logon trigger
  • Re: disabling a role via a logon trigger




    • [ Home | Signup | Help | Login | Archives | Lists ]

    All trademarks and copyrights within the FreeLists archives are owned by their respective owners.
    Everything else ©2008 Avenir Technologies, LLC.