Our application is currently setting roles at login time via application code. The roles are identified by a password and we would like to move to a secure application role to enable some specific checks before allowing the role to be set.
Ideally, we would like to get the code out of our Power Builder application to provide for easier modification without having to deploy application code. Most documentation states that setting roles via a logon trigger will not work.
I have recently found a conflicting statement in the Apress book “HOWTO Secure and Audit Oracle 10g and 11g”. Under the heading “Three Things to Remember about Secure Application Roles”, it states “You can use secure application roles statically, setting the roles when the user logs on (using a log-on trigger) or dynamically within a session".
If it is, in fact, possible to set the roles using a logon trigger, that would be ideal for our application.
Is there anyone who might be able to help me set up a simple example of that to follow? Or, prove/disprove the statement made?
Thank you! I appreciate any direction you can provide.
Ideally, we would like to get the code out of our Power Builder application to provide for easier modification without having to deploy application code. Most documentation states that setting roles via a logon trigger will not work.
I have recently found a conflicting statement in the Apress book “HOWTO Secure and Audit Oracle 10g and 11g”. Under the heading “Three Things to Remember about Secure Application Roles”, it states “You can use secure application roles statically, setting the roles when the user logs on (using a log-on trigger) or dynamically within a session".
If it is, in fact, possible to set the roles using a logon trigger, that would be ideal for our application.
Is there anyone who might be able to help me set up a simple example of that to follow? Or, prove/disprove the statement made?
Thank you! I appreciate any direction you can provide.
