Solved

security: how to prevent

Posted on 2001-07-12
Last Modified: 2008-02-01
How can I prevent a user with TOAD from executing the
SET ROLE statement (or EXECUTE etc.)?

I can't use PRODUCT_USER_PROFILE (I think), because
that is only used by SQL*Plus (not?)

Help
Question by:vanmeerendonk
5 Comments
 
LVL 3

Expert Comment

by:arun04
ID: 6276471
No, PRODUCT_USER_PROFILE can be used with any tool; you can prevent the use of TOAD by specifying the exact name of the exe in PRODUCT_USER_PROFILE.
0
 
LVL 2

Author Comment

by:vanmeerendonk
ID: 6276514
Are you sure?
I tried this:
('Toad.exe','MYUSER','SET',NULL,NULL,'DISABLED',NULL,NULL)
    AND
('Toad.exe','MYUSER','SET',NULL,NULL,'DISABLED',NULL,NULL)
<committed of course>
but I could still do SET ROLE ALL in TOAD.
0
 
LVL 1

Expert Comment

by:misho2000
ID: 6276532
I am not very sure, but as system DBA execute
revoke set role from myuser;
0
 
LVL 5

Expert Comment

by:ser6398
ID: 6277183
TOAD has its own security, which allows you to restrict TOAD users from access to specific TOAD features.  You may be able to keep them from using SET ROLE by using TOAD Security.  There is a script called TOADSECURITY.SQL that creates 2 tables in the TOAD schema.  Find it and run it.  Then run TOAD, log in as the TOAD schema, and select Database / TOAD Security to bring up the TOAD Features Security window.  You can grant/revoke certain features here.
0
 
LVL 2

Accepted Solution

by:mszacik earned 50 total points
ID: 6278812
We had a similar problem.  Users would access the database through a 3rd party tool instead of the application.  Then they had a lot of privileges we didn't want them to have except when running the application.  (They could update data etc.)  

We fixed this by giving all these privileges to a role.  We assigned a password to the role.  In the application we set the role for the user when they logged on.  When they accessed the database via the different tools, the role wasn't set so they didn't have any privileges.
0
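
The password-protected role setup described in the accepted solution, written out as Oracle SQL. This is an added example, not code from the thread; the role, schema, table and user names and the password are placeholders.

```sql
-- Added example. app_rw, app_owner.orders, myuser and the password
-- are placeholders, not values from the thread.

-- 1. Put the application-only privileges in a password-protected role.
CREATE ROLE app_rw IDENTIFIED BY "Placeholder_Pw_1";
GRANT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders TO app_rw;

-- 2. Grant the role, then take it out of the user's default roles.
--    A role left as a default role is enabled at logon without its
--    password, from any client tool.
GRANT app_rw TO myuser;
ALTER USER myuser DEFAULT ROLE ALL EXCEPT app_rw;

-- 3. Check for direct or PUBLIC grants on the same objects; they
--    would give the user the privileges without the role.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND grantee IN ('MYUSER', 'PUBLIC');

-- 4. Issued by the application right after it connects as the user.
--    SET ROLE disables every role it does not name, so list all the
--    roles the session needs in this one statement.
SET ROLE app_rw IDENTIFIED BY "Placeholder_Pw_1";

-- 5. Verification from a third-party tool session (no step 4):
--    APP_RW must not appear here. SET ROLE ALL cannot enable a
--    password-protected role, so it does not bypass the password.
SELECT role FROM session_roles;
```

The control is only as strong as the secrecy of the role password: it is stored in or reachable by the application, so anyone who recovers it can issue the same SET ROLE from another tool.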
