RE: Privileges by session

From: "Blanchard, William" <wblanchard@xxxxxxxxxxxxxxxxxxxx>
To: "Jackie Brock" <J.Brock@xxxxxxxxxxxxx>
Date: Thu, 7 Jan 2010 14:45:01 -0600

Do you have an example of changing the role for a session?
 
 
WGB
 

  _____  

From: Jackie Brock [mailto:J.Brock@xxxxxxxxxxxxx] 
Sent: Thursday, January 07, 2010 2:43 PM
To: Blanchard, William
Cc: oracle-l@xxxxxxxxxxxxx
Subject: RE: Privileges by session


You could assign a read-only role based on the session info.  :-)
 
-Jackie
 
Jackie D. Brock
Database Specialist - Systems Evaluation
CableLabs(r)
858 Coal Creek Circle
Louisville, CO 80027
Email: j.brock@xxxxxxxxxxxxx <mailto:j.brock@xxxxxxxxxxxxx> 
303-661-3347
 


  _____  

        From: Blanchard, William
[mailto:wblanchard@xxxxxxxxxxxxxxxxxxxx] 
        Sent: Thursday, January 07, 2010 1:42 PM
        To: Jackie Brock
        Cc: oracle-l@xxxxxxxxxxxxx
        Subject: RE: Privileges by session
        
        
        I thought about just restricting to IP address and restricting
logons via a trigger but I need to allow the developers read access for
troubleshooting production issues.
         
         
        WGB

  _____  

        From: Jackie Brock [mailto:J.Brock@xxxxxxxxxxxxx] 
        Sent: Thursday, January 07, 2010 2:29 PM
        To: Blanchard, William
        Subject: RE: Privileges by session
        
        
        I've set up login triggers to prevent logins based on the OS
username before - it worked very well, but it does assume that they
aren't using a central account.  I'm not sure you want to allow someone
to log in to an application from a central account, anyway?  You could
also restrict based on IP - any of the information that's stored in the
session variables.  Heck - you could even restrict it based on the
program being used - I've done that as well.  :-)
         
        HTH!
         
        -Jackie
         
        Jackie D. Brock
        Database Specialist - Systems Evaluation
        CableLabs(r)
        858 Coal Creek Circle
        Louisville, CO 80027
        Email: j.brock@xxxxxxxxxxxxx <mailto:j.brock@xxxxxxxxxxxxx> 
        303-661-3347
         


  _____  

                From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Blanchard, William
                Sent: Thursday, January 07, 2010 1:22 PM
                To: oracle-l@xxxxxxxxxxxxx
                Subject: Privileges by session
                
                

                Greetings, 

                I have convinced management to allow me to grant
read-only access to the developers.  The problem is that they know the
application passwords and have been using those passwords to circumvent
my controls.  Is there a way via a trigger, role, etc to change
individual sessions privileges so they have read only (select)
permissions?  The easiest way would be to change the permissions on the
applications but that's not an option.

                Thank you, 

                WGB 

                -
                
                This email and any information, files, or materials
transmitted with it
                are confidential and are solely for the use of the
intended recipient.
                If you have received this email in error, please delete
it and notify
                the sender.

Follow-Ups:
- RE: Privileges by session
  - From: Jackie Brock

References:
- Privileges by session
  - From: Blanchard, William
- RE: Privileges by session
  - From: Blanchard, William
- RE: Privileges by session
  - From: Jackie Brock

RE: Privileges by session

Other related posts: