Re: disabling a role via a logon trigger

  • From: Alex <stant_98@xxxxxxxxx>
  • To: JBECKSTROM@xxxxxxxxx, oracle-l@xxxxxxxxxxxxx, ORACLE-L@xxxxxxxxxxxxx, oracledba@xxxxxxxxxxx, oracle-rdbms@xxxxxxxxxxxxxxx
  • Date: Mon, 1 Nov 2004 19:26:15 -0800 (PST)

I hope this cak help you solve this. Take a look at Metalink note# 67977.1. It 
talks about Fine Grain Access Control (FGAC). The note also gives some examples 
on how to set it up, which isn't very complex.
Jeffrey Beckstrom <JBECKSTROM@xxxxxxxxx> wrote:
We are running a third party application for which the users are granted
a role. The role allows the users to update the table applications
tables. The problem is that I do not want a user being able to do an
update outside of the application. I thought I came up with a solution
to this by disabling the role if the the terminal running the
application is not one of the servers we expect, i.e. if the connection
was via sqlplus from a users PC, the terminal id would not match and I
would disable the role. If the user was granted other roles to view the
tables, those would remain, just the update role would be disabled.

However, I now find that a database "on logon" trigger can not disable
a role. The procedure that I was calling from the trigger to do the
disable had authid current user but the problem is the trigger.

Is there any way to disable a role from a trigger, or is there some
other way I can disable the role. We do not want users being able to
update tables outside of the application.

Jeffrey Beckstrom
Database Administrator
Greater Cleveland Regional Transit Authority
1240 W. 6th Street
Cleveland, Ohio 44113


Do you Yahoo!?
 Check out the new Yahoo! Front Page.


Other related posts: