Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Restricting User access 1

Status
Not open for further replies.
hilbertl3

hilbertl3

Technical User
Sep 22, 2004
77
US

I have an application with an Access front end and an Oracle back end. In Oracle, I've set up permissions for my users so that some tables can be apppended to and deleted from, others only selected etc. etc. I would like to prevent users from using a tool like TOAD or SQL plus to log into the Oracle database where my application's tables are housed and manipulate the data in those tables through adhoc SQL statements. In short, I want the users to only interact with my application's tables through my front end. Is it possible to implement a security policy like this?

hilbertl
 
Sort by date Sort by votes


You could write a system/database event trigger that checks the PROGRAM or MODULE columns in V$SESSION. [3eyes]

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb
 
Upvote 0 Downvote
I'm new to Oracle. Could you provide a little more detail?
 
Upvote 0 Downvote

Did you click on the link I provided?


----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb
 
Upvote 0 Downvote

PS: Specially the section 'database_event' LOGON trigger.


----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb
 
Upvote 0 Downvote

Or look at similar post in thread759-1109662

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb
 
Upvote 0 Downvote

Or you can code something like this:
Code: 
CREATE OR REPLACE TRIGGER AFTERLOGON
AFTER LOGON ON DATABASE
DECLARE V_PROG VARCHAR2(48);
BEGIN
  SELECT MODULE INTO V_PROG FROM V_$SESSION;
  IF UPPER(V_PROG) LIKE 'TOAD%' OR
     UPPER(V_PROG) LIKE 'SQL*PLUS%'
  THEN
    RAISE_APPLICATION_ERROR (-20001, 'You are not allowed to use TOAD or SQL*Plus.');
  END IF;
END;
/


----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb
 
Upvote 0 Downvote
Hi,
But..( there is always a but, it seems), that trigger will prevent ANYONE ( including you ) from using those tools..Are you sure you want to limit yourself?
Perhaps checking the USER before prohibiting the tools would be better..



[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Livia8
  • Locked
  • Question
How to forcibly logout users 2
Replies
17
Views
1K
carp
carp
rk68
  • Locked
  • Question
giving user rights to access another schema
Replies
2
Views
134
LKBrwnDBA
LKBrwnDBA
tekpr00
  • Locked
  • Question
Alter User sys Error in Oracle 10 , but worked in Oracle 11 1
Replies
1
Views
160
tekpr00
tekpr00
ettienne
  • Locked
  • Question
ORA-16000: database open for read-only access
Replies
7
Views
548
ettienne
ettienne
AlStl
  • Locked
  • Question
Accessing Objects in another schema under same database 1
Replies
4
Views
147
Beilstwh
Beilstwh

Part and Inventory Search

Sponsor

Back
Top