Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

security: how to prevent

Posted on 2001-07-12
5
Medium Priority
?
587 Views
Last Modified: 2008-02-01
How can i prevent a user with toad to execute the
SET ROLE statement (or EXECUTE etc.)

I can't use PRODUCT_USER_PROFILE (I think), cause
that is only used by SQL*PLUS (not?)

Help
0
Comment
Question by:vanmeerendonk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 3

Expert Comment

by:arun04
ID: 6276471
no Product_user_profile can be used with any tool, you can prevent the use of toad by specifyingthe excat name of the exe in product_user_profile
0
 
LVL 2

Author Comment

by:vanmeerendonk
ID: 6276514
are you sure.
I tried this
('Toad.exe','MYUSER','SET',NULL,NULL,?DISABLED?,NULL,NULL)
    AND
('Toad.exe','MYUSER','SET',NULL,NULL,?DISABLED?,NULL,NULL)
<committed of course>
but still I could do SET ROLE ALL in Toad
0
 
LVL 1

Expert Comment

by:misho2000
ID: 6276532
I ma not very sure but as system dba execute
revoke set role from myuser;
0
 
LVL 5

Expert Comment

by:ser6398
ID: 6277183
Toad has it's own Security, which allows you to restrict TOAD users from access to specific TOAD features.  You may be able to keep them from using set role by using TOAD Security.  There is a script called TOADSECURITY.SQL that creates 2 tables in the TOAD schema.  Find it an run it.  Then run TOAD, login as the TOAD schema, and select Database / TOAD Security to bring up the TOAD Features Security window.  You can grant/revoke certain features here.
0
 
LVL 2

Accepted Solution

by:
mszacik earned 200 total points
ID: 6278812
We had a similar problem.  Users would access the database through a 3rd party tool instead of the application.  Then they had a lot of privileges we didn't want them to have except when running the application.  (They could update data etc.)  

We fixed this by giving all these privileges to a role.  We assigned a password to the role.  In the application we set the role for the user when they logged on.  When they accessed the database via the diffent tools, the role wasn't set so they didn't have any privileges.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using SQL Scripts we can save all the SQL queries as files that we use very frequently on our database later point of time. This is one of the feature present under SQL Workshop in Oracle Application Express.
Shell script to create broker configuration file using current broker Configuration, solely for purpose of backup on Linux. Script may need to be modified depending on OS-installation. Please deploy and verify the script in a test environment.
This video shows syntax for various backup options while discussing how the different basic backup types work.  It explains how to take full backups, incremental level 0 backups, incremental level 1 backups in both differential and cumulative mode a…
This video shows how to recover a database from a user managed backup

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question