we want our users not to be able to access in writing oracle with any other tool than the one we deliver. i know how to find the program used during the session. the users are granted a certain role that allows them the complete access to about 2000 tables (really needed by the application). i'd like to be able at the login moment to analyze the user's program name and, if not the application we allow them to use, to revoke this role and grant another role that grants them read-only access to those about 2000 tables.
can anybody help?
i tried with a logon trigger but "set role" or dbms_session.set_role doesn't work inside a trigger.
we cannot customize the application, is as it is. we tried using "alter user...connect through..." but it didn't work. the application is as it is and we have to find some workaround to transparently convert any database access of the users defined for the application to read-only if they login is not using the application.
the application has 4 tiers (clients=dedicated/html/java/activeX/mobile, web servers, gateway, load balancing servers, application servers, database servers), the application users are identical to the database users, the authentication is at database lavel only. we like to offer to the application users a read only access if they come through any other software to the database, but full normal access if they come through the application.
i can stop any session of these users, if they do not come through the application, and define a general user, known to any application user, with read-only access.
but i am looking for an elegant way to dinamically convert these users, under the stated conditions, to read-only ones.
thank you
erol aivas
973-882-2000/3005
erolaivas@yahoo.com
can anybody help?
i tried with a logon trigger but "set role" or dbms_session.set_role doesn't work inside a trigger.
we cannot customize the application, is as it is. we tried using "alter user...connect through..." but it didn't work. the application is as it is and we have to find some workaround to transparently convert any database access of the users defined for the application to read-only if they login is not using the application.
the application has 4 tiers (clients=dedicated/html/java/activeX/mobile, web servers, gateway, load balancing servers, application servers, database servers), the application users are identical to the database users, the authentication is at database lavel only. we like to offer to the application users a read only access if they come through any other software to the database, but full normal access if they come through the application.
i can stop any session of these users, if they do not come through the application, and define a general user, known to any application user, with read-only access.
but i am looking for an elegant way to dinamically convert these users, under the stated conditions, to read-only ones.
thank you
erol aivas
973-882-2000/3005
erolaivas@yahoo.com