Solved

dba_users entry for application accounts

Posted on 2013-06-17
6
390 Views
Last Modified: 2013-07-15
If you have an oracle 10g database, residing behind a business application (i.e. for arguments sake let’s say your corporate finance system), is it common for the dba_users to be populated with an account per application user? I thought it would be common for the accounts in dba_users to only be those used for database administration, and perhaps some data analysts, so I was a bit shocked when I noticed anyone who has a login account for the application front end to have an entry in dba_users. Is this kind of authentication common? Does it have a specific name? I assume this is down to how the applicaiton was programmed, as for other apps that have a backend oracle database, there definately isnt an entry is dba_users per application (front end) accounts.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 77

Accepted Solution

by:
slightwv (䄆 Netminder) earned 250 total points
ID: 39252963
dba_users is just a view.  Any Oracle user will be visible in that view.

There are two other level of views:  ALL_ and USER_.  These are restricted based on database permissions.

It is common for applications to be written in such a way that it's usernames and are actually database users.  This let's the database control password maintenance as well as auditing what the users do.

The other way to write apps is that it maintains it's own user table and the app connects to the database using a common username.
0
 
LVL 3

Author Comment

by:pma111
ID: 39252971
So would it be fair to say, if the database users arent subject to password expiry, complexity, account lockout etc, then neither will the account that they use to login to the application (which is essentially the same thing). or could you have database accounts, with no expirty, complexity etc policy, however the application is still programmed in such a way that the users have to change their password every so long.
0
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39252993
>> then neither will the account that they use to login to the application

Good bet.

>>however the application is still programmed in such a way

It's code...  You "can" do whatever you want.

Just not sure why you would want to write code to handle something Oracle handles for free?

You can set up PROFILE's to control all of this.  Then the app just needs to account for the error messages it receives form the database.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 3

Author Comment

by:pma111
ID: 39253019
I assume thats those that are stored within the file dba_users:profile , and then marry those up to the values held in dba_profiles. if say for example password verify function says "default", what exactly does that mean. If it says something else, where can you actually see the password verify function to see what its enforcing.
0
 
LVL 77

Expert Comment

by:slightwv (䄆 Netminder)
ID: 39253130
>>I assume thats those that are stored within the file dba_users:profile , and then marry those up to the values held in dba_profiles.

Correct.

>>if say for example password verify function says "default", what exactly does that mean.

Check out: Oracle Password Management Policy [ID 114930.1]

>>If it says something else, where can you actually see the password verify function to see what its enforcing.

It's a stored function.  If it is set, you can view the source just like any other function.

It could possibly be WRAPped (never tried this with a password function).  If so, it's encrypted.  There are claims that WRAPped code can be decrypted but I've never tried.
0
 
LVL 23

Assisted Solution

by:David
David earned 250 total points
ID: 39253863
...is it common for the dba_users to be populated with an account per application user?...

I agree with Slight, and would mention that there are alternatives; so it depends upon the architect's preference.  At one end, some applications are written to use generic accounts such as APP_ADMIN for the superusers, and APP_QUERY for the reports and other read-only, and APP_USER for the common access people.  The application / data owner would be responsible for managing which users were given which passwords.  A high-volume site will perhaps look into single sign-on with LDAP.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
This video shows setup options and the basic steps and syntax for duplicating (cloning) a database from one instance to another. Examples are given for duplicating to the same machine and to different machines
This video shows syntax for various backup options while discussing how the different basic backup types work.  It explains how to take full backups, incremental level 0 backups, incremental level 1 backups in both differential and cumulative mode a…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question