Solved

security: how to prevent

Posted on 2001-07-12
5
583 Views
Last Modified: 2008-02-01
How can i prevent a user with toad to execute the
SET ROLE statement (or EXECUTE etc.)

I can't use PRODUCT_USER_PROFILE (I think), cause
that is only used by SQL*PLUS (not?)

Help
0
Comment
Question by:vanmeerendonk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 3

Expert Comment

by:arun04
ID: 6276471
no Product_user_profile can be used with any tool, you can prevent the use of toad by specifyingthe excat name of the exe in product_user_profile
0
 
LVL 2

Author Comment

by:vanmeerendonk
ID: 6276514
are you sure.
I tried this
('Toad.exe','MYUSER','SET',NULL,NULL,?DISABLED?,NULL,NULL)
    AND
('Toad.exe','MYUSER','SET',NULL,NULL,?DISABLED?,NULL,NULL)
<committed of course>
but still I could do SET ROLE ALL in Toad
0
 
LVL 1

Expert Comment

by:misho2000
ID: 6276532
I ma not very sure but as system dba execute
revoke set role from myuser;
0
 
LVL 5

Expert Comment

by:ser6398
ID: 6277183
Toad has it's own Security, which allows you to restrict TOAD users from access to specific TOAD features.  You may be able to keep them from using set role by using TOAD Security.  There is a script called TOADSECURITY.SQL that creates 2 tables in the TOAD schema.  Find it an run it.  Then run TOAD, login as the TOAD schema, and select Database / TOAD Security to bring up the TOAD Features Security window.  You can grant/revoke certain features here.
0
 
LVL 2

Accepted Solution

by:
mszacik earned 50 total points
ID: 6278812
We had a similar problem.  Users would access the database through a 3rd party tool instead of the application.  Then they had a lot of privileges we didn't want them to have except when running the application.  (They could update data etc.)  

We fixed this by giving all these privileges to a role.  We assigned a password to the role.  In the application we set the role for the user when they logged on.  When they accessed the database via the diffent tools, the role wasn't set so they didn't have any privileges.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
oracle DR - data guard failover. 18 74
oracle sqlplus query delimiter 8 53
looking for guidance on Oracle Sql Formatting standards 9 45
Performance Issue in Oracle 3 46
Introduction A previously published article on Experts Exchange ("Joins in Oracle", http://www.experts-exchange.com/Database/Oracle/A_8249-Joins-in-Oracle.html) makes a statement about "Oracle proprietary" joins and mixes the join syntax with gen…
When it comes to protecting Oracle Database servers and systems, there are a ton of myths out there. Here are the most common.
This video shows syntax for various backup options while discussing how the different basic backup types work.  It explains how to take full backups, incremental level 0 backups, incremental level 1 backups in both differential and cumulative mode a…
Via a live example, show how to restore a database from backup after a simulated disk failure using RMAN.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question