Solved

security: how to prevent

Posted on 2001-07-12
Last Modified: 2008-02-01
How can I prevent a user with Toad from executing the
SET ROLE statement (or EXECUTE etc.)?

I can't use PRODUCT_USER_PROFILE (I think), because
that is only used by SQL*PLUS (not?)

Question by:vanmeerendonk
5 Comments
 
LVL 3

Expert Comment

by:arun04
ID: 6276471
No, Product_user_profile can be used with any tool; you can prevent the use of Toad by specifying the exact name of the exe in product_user_profile.
0
 
LVL 2

Author Comment

by:vanmeerendonk
ID: 6276514
Are you sure?
I tried this
('Toad.exe','MYUSER','SET',NULL,NULL,'DISABLED',NULL,NULL)
    AND
('Toad.exe','MYUSER','SET',NULL,NULL,'DISABLED',NULL,NULL)
<committed of course>
but still I could do SET ROLE ALL in Toad
0
 
LVL 1

Expert Comment

by:misho2000
ID: 6276532
I am not very sure, but as system DBA execute
revoke set role from myuser;
0
 
LVL 5

Expert Comment

by:ser6398
ID: 6277183
Toad has its own Security, which allows you to restrict TOAD users from access to specific TOAD features.  You may be able to keep them from using set role by using TOAD Security.  There is a script called TOADSECURITY.SQL that creates 2 tables in the TOAD schema.  Find it and run it.  Then run TOAD, login as the TOAD schema, and select Database / TOAD Security to bring up the TOAD Features Security window.  You can grant/revoke certain features here.
0
 
LVL 2

Accepted Solution

by:
mszacik earned 50 total points
ID: 6278812
We had a similar problem.  Users would access the database through a 3rd party tool instead of the application.  Then they had a lot of privileges we didn't want them to have except when running the application.  (They could update data etc.)  

We fixed this by giving all these privileges to a role.  We assigned a password to the role.  In the application we set the role for the user when they logged on.  When they accessed the database via the different tools, the role wasn't set so they didn't have any privileges.
0
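
The password-protected role setup described in the accepted solution, written out as an added example (not code from the thread or from any poster). MYUSER is the user name from the question; the role name app_update_role, the table app_data.orders and the password are constructed placeholders.

```sql
-- Run as a DBA account.
-- 1. Create the role with a password. Only the application should know it.
CREATE ROLE app_update_role IDENTIFIED BY "Constructed_Example_Pw1";

-- 2. Grant the sensitive privileges to the role, never directly to the user.
GRANT SELECT, INSERT, UPDATE, DELETE ON app_data.orders TO app_update_role;

-- 3. The user only gets the right to connect, plus the role itself.
GRANT CREATE SESSION TO myuser;
GRANT app_update_role TO myuser;

-- 4. Keep the role out of the user's default roles, so a plain login
--    from Toad or any other client does not enable it.
ALTER USER myuser DEFAULT ROLE ALL EXCEPT app_update_role;

-- 5. Issued by the application right after it connects as MYUSER.
--    SET ROLE disables every role not named in the statement.
SET ROLE app_update_role IDENTIFIED BY "Constructed_Example_Pw1";

-- Checks (as DBA): the role must show DEFAULT_ROLE = 'NO' ...
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'MYUSER';

-- ... and MYUSER must hold no direct object privileges that bypass the role.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'MYUSER';

-- Check (as MYUSER, from Toad): app_update_role should not be listed here.
SELECT role FROM session_roles;
```

The protection depends on the role password staying inside the application: a user who learns it can issue the same SET ROLE statement from any client.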
