Improve company productivity with a Business Account.Sign Up

x
?
Solved

security: how to prevent

Posted on 2001-07-12
5
Medium Priority
?
591 Views
Last Modified: 2008-02-01
How can i prevent a user with toad to execute the
SET ROLE statement (or EXECUTE etc.)

I can't use PRODUCT_USER_PROFILE (I think), cause
that is only used by SQL*PLUS (not?)

Help
0
Comment
Question by:vanmeerendonk
5 Comments
 
LVL 3

Expert Comment

by:arun04
ID: 6276471
no Product_user_profile can be used with any tool, you can prevent the use of toad by specifyingthe excat name of the exe in product_user_profile
0
 
LVL 2

Author Comment

by:vanmeerendonk
ID: 6276514
are you sure.
I tried this
('Toad.exe','MYUSER','SET',NULL,NULL,?DISABLED?,NULL,NULL)
    AND
('Toad.exe','MYUSER','SET',NULL,NULL,?DISABLED?,NULL,NULL)
<committed of course>
but still I could do SET ROLE ALL in Toad
0
 
LVL 1

Expert Comment

by:misho2000
ID: 6276532
I ma not very sure but as system dba execute
revoke set role from myuser;
0
 
LVL 5

Expert Comment

by:ser6398
ID: 6277183
Toad has it's own Security, which allows you to restrict TOAD users from access to specific TOAD features.  You may be able to keep them from using set role by using TOAD Security.  There is a script called TOADSECURITY.SQL that creates 2 tables in the TOAD schema.  Find it an run it.  Then run TOAD, login as the TOAD schema, and select Database / TOAD Security to bring up the TOAD Features Security window.  You can grant/revoke certain features here.
0
 
LVL 2

Accepted Solution

by:
mszacik earned 200 total points
ID: 6278812
We had a similar problem.  Users would access the database through a 3rd party tool instead of the application.  Then they had a lot of privileges we didn't want them to have except when running the application.  (They could update data etc.)  

We fixed this by giving all these privileges to a role.  We assigned a password to the role.  In the application we set the role for the user when they logged on.  When they accessed the database via the diffent tools, the role wasn't set so they didn't have any privileges.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Introduction A previously published article on Experts Exchange ("Joins in Oracle", http://www.experts-exchange.com/Database/Oracle/A_8249-Joins-in-Oracle.html) makes a statement about "Oracle proprietary" joins and mixes the join syntax with gen…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question