home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!olivea!sgigate!odin!mips!swrinde!gatech!paladin.american.edu!news.univie.ac.at!bmwf1f.bmwf.gv.at!hatzinger_m
- From: hatzinger_m@bmwf1f.bmwf.gv.at
- Newsgroups: comp.databases.oracle
- Subject: RE: ** ORACLE Forms security **
- Message-ID: <1992Aug12.141616.27@bmwf1f.bmwf.gv.at>
- Date: 12 Aug 92 13:21:32 GMT
- Organization: (Klaus-Michael Hatzinger), BMWF, Vienna, Austria
- Lines: 50
-
-
-
- You can limit user access to your oracle database creating a special view
- for your table which nows at run time, if it is running from SQL*Plus or IAP:
-
-
- 0. You need ORACLE V6
-
- 1. Create your table (table_name)
-
- 2. Create a view like
-
- CREATE VIEW view_name AS
- SELECT *
- FROM table_name
- WHERE EXISTS (SELECT 1
- FROM sys.v_$session S,sys.v_$process P
- WHERE addr=paddr
- AND S.username=user
- AND (INSTR(program,'IAP') <> 0 OR command=3)
- AND terminal=USERENV('TERMINAL'))
- WITH CHECK OPTION;
-
- "command" includes the actual command (SELECT=3,INSERT,...)
- "program" includes the actual program name (IAP,SQLPLUS,...).
-
-
- 3. ORACLE-user "SYS" must give a "GRANT OPTION" on the virtual views
-
- GRANT SELECT ON v_$session TO PUBLIC WITH GRANT OPTION;
- GRANT SELECT ON v_$process TO PUBLIC WITH GRANT OPTION;
-
-
- 4. Set grants only on the view for all your users
-
- GRANT SELECT,INSERT,UPDATE,DELETE ON view_name TO ......
-
-
- So they can update your database only in SQL*Forms (if it works on your
- system too ?).
-
- GOOD LUCK !!
-
- --
-
- --------------------------------------------------------------------------------
- Klaus-Michael Hatzinger hatzinger_m@bmwf1f.bmwf.gv.at
- Federal Ministry of Science and Research
- Computer Center
- Vienna, Austria
-
