Hi,
here is my dilemma. I have a database with hundreds of users. The database is oracle 8.1.7.2 on solaris 8. The database runs a financial application (banking). All the users connect to oracle through the application. All users have insert update and delete privileges on the main schema tables as they need these to do their jobs (posting + reversing transactions, amending names addresses etc.)
Any changes or updates made are audited within the application, and users are restricted to what they can do by the application's own menu security system, so I have no problems with security at this level.
The problem I have is with ms access databases. Every user has ms office on their pc. It appears that anyone who can set up an odbc connection to the production database, and connect using their own username and password can basically do any damage they want, delete whole tables, change data etc without any trace. We have a couple of access databases in the IT dept that we need to be able to connect to the production db, and we wont allow anyone else connect like this. ( cd's and floppy drives are locked down on all user pc's and odbc functionality has been removed also, except on certain IT dept pc's. But i'm still uneasy about this.
Is there any way in oracle (or unix) that odbc connections can be restricted (say only to specific ip addresses, oracle users or groups)? If not can they be logged or monitored in any way?
Any help or suggestions greatly appreciated.
here is my dilemma. I have a database with hundreds of users. The database is oracle 8.1.7.2 on solaris 8. The database runs a financial application (banking). All the users connect to oracle through the application. All users have insert update and delete privileges on the main schema tables as they need these to do their jobs (posting + reversing transactions, amending names addresses etc.)
Any changes or updates made are audited within the application, and users are restricted to what they can do by the application's own menu security system, so I have no problems with security at this level.
The problem I have is with ms access databases. Every user has ms office on their pc. It appears that anyone who can set up an odbc connection to the production database, and connect using their own username and password can basically do any damage they want, delete whole tables, change data etc without any trace. We have a couple of access databases in the IT dept that we need to be able to connect to the production db, and we wont allow anyone else connect like this. ( cd's and floppy drives are locked down on all user pc's and odbc functionality has been removed also, except on certain IT dept pc's. But i'm still uneasy about this.
Is there any way in oracle (or unix) that odbc connections can be restricted (say only to specific ip addresses, oracle users or groups)? If not can they be logged or monitored in any way?
Any help or suggestions greatly appreciated.