Re: Privileges by session
- From: Kellyn Pedersen <kjped1313@xxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx, wblanchard@xxxxxxxxxxxxxxxxxxxx
- Date: Thu, 7 Jan 2010 13:15:33 -0800 (PST)
OK, maybe I'm just evil, but I've gone through this at the last company I was
lead DBA at. I was hired with the intention of having me lock down the
environment, (they didn't break that to me until a couple weeks in, to be
honest...:))
I actually started auditing the databases with my own scripts, tracking the
osuser/vs. logins and started to report them, along with the risks. It's not
fun and you aren't most people's favorite person, but most developers actually
started to appreciate it by the end of my tenure there.
Not sure if it will work, but you may want to look into different authid
options:
http://www.adp-gmbh.ch/ora/plsql/authid.html
I have always used them with specific user logins, but you may be able to pull
the rights right out from under them at the session level this way, too!
Good luck,
Kellyn Pedersen
Multi-Platform DBA
I-Behavior Inc.
http://www.linkedin.com/in/kellynpedersen
"Go away before I replace you with a very small and efficient shell script..."
--- On Thu, 1/7/10, Blanchard, William <wblanchard@xxxxxxxxxxxxxxxxxxxx> wrote:
From: Blanchard, William <wblanchard@xxxxxxxxxxxxxxxxxxxx>
Subject: Privileges by session
To: oracle-l@xxxxxxxxxxxxx
Date: Thursday, January 7, 2010, 1:21 PM
Greetings,
I have convinced management to allow me to grant read-only access to the
developers. The problem is that they know the application passwords and have
been using those passwords to circumvent my controls. Is there a way via a
trigger, role, etc to change individual sessions privileges so they have read
only (select) permissions? The easiest way would be to change the permissions
on the applications but that's not an option.
Thank you,
WGB -
This email and any information, files, or materials transmitted with it
are confidential and are solely for the use of the intended recipient.
If you have received this email in error, please delete it and notify
the sender.
Other related posts:
- » Privileges by session- Blanchard, William
- » Re: Privileges by session- lyallbarbour
- » RE: Privileges by session- Blanchard, William
- » RE: Privileges by session- Jackie Brock
- » RE: Privileges by session- Blanchard, William
- » RE: Privileges by session- Christopher Boyle
- » RE: Privileges by session- Blanchard, William
- » RE: Privileges by session- Blanchard, William
- » RE: Privileges by session- Blanchard, William
- » RE: Privileges by session- Jackie Brock
- » Re: Privileges by session - Kellyn Pedersen
- » RE: Privileges by session- Blanchard, William
- » RE: Privileges by session- Blanchard, William
- » Re: Privileges by session- Jared Still
- » RE: Privileges by session- Blanchard, William
- » Re: Privileges by session- Michael Fontana
- » RE: Privileges by session- Blanchard, William
- » Re: Privileges by session- Jared Still
- » RE: Privileges by session- Blanchard, William
- » Re: Privileges by session- Andre van Winssen
- » RE: Privileges by session- Barun, Vlado
- » Re: Privileges by session- Jared Still
- » Re: Privileges by session- Robert Freeman
- » RE: Privileges by session- Andre van Winssen
- » Re: Privileges by session- Joan Hsieh
- » Re: Privileges by session- Thomas A. La Porte
- » Re: Privileges by session- Michael Fontana
- » Re: Privileges by session- Martin Berger
- » RE: Privileges by session- Upendra N
- » Re: Privileges by session- Martin Bach
- » Re: Privileges by session- Pete Finnigan
- » Re: Privileges by session- Peter Hitchman
- » RE: Privileges by session- Joel.Patterson
- » RE: Privileges by session- Barun, Vlado
- » Re: Privileges by session- Kellyn Pedersen
- » RE: Privileges by session- GovindanK
- » Re: Privileges by session- Pete Finnigan
- » Re: Privileges by session- Yechiel Adar
- » Re: Privileges by session- Jared Still
- » Re: Privileges by session- Yechiel Adar