Re: how to prevent user access from outside of a third-party application
- From: Stephane Faroult <sfaroult@xxxxxxxxxxxx>
- To: <oracle-l@xxxxxxxxxxxxx>, <ORACLE-L@xxxxxxxxxxxxx>, <oracledba@xxxxxxxxxxx>, <oracle-rdbms@xxxxxxxxxxxxxxx>, "'Jeffrey Beckstrom'" <JBECKSTROM@xxxxxxxxx>
- Date: Tue, 2 Nov 2004 14:57:06 +0100
Looks like one of those great DB designs where all constraints are enforced
on the application side ...
Different random thoughts :
* What does V$SESSION show in program and (I'm a dreamer and an optimist)
ACTION/MODULE/CLIENT_INFO when using your 3rd party application? If it's
'jdbc 1.0' and NULL everywhere, no hope. Otherwise it may help you identify
whether you are indeed connected as you should or not (not in a logon
triggerunfortunately, since it fires before any call to
DBMS_APPLICATION_INFO).
You can create a trigger on each and every table (realistic ?) which fails
when not connected through the application.
* Which brings the second remark; why do you say that setting FGAC
everywhereis not realistic? You can probably generate the code required
pretty easily through SQL*Plus. Ditto for the triggers mentioned above.
HTH,
Stephane Faroult
RoughSea Ltd
http://www.roughsea.com
On Tue, 02 Nov 2004 08:23 , 'Jeffrey Beckstrom' <JBECKSTROM@xxxxxxxxx> sent:
Since I can not disable a role through a logon database trigger, I am
seeking help in how to prevent a user from updating tables outside of
the third-party application. The user is granted a role which permits
update. I can not password protect the role since it is used by the
third party application. What are some options. Fine grained access
control is not realistic since would have to set it up on every table in
the system.
Jeffrey Beckstrom
Database Administrator
Greater Cleveland Regional Transit Authority
1240 W. 6th Street
Cleveland, Ohio 44113
--
//www.freelists.org/webpage/oracle-l[1]
--- Links ---
1
modules/refer.pl?redirect=http%3A%2F%2Fwww.freelists.org%2Fwebpage%2Foracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
