One of the ways round this is to have the priv's needed for anything other than
select granted to a role, rather than the generic userid. Make the role
non-default, and require a password to enable it - that way, using the ODBC
connection won't give users any godlike powers.
The issue is how to implement it to work with the application...Without changing
the code, you could try setting up a logon trigger to enable the role, but I've
not tried it so I won't guarantee it would work.
Hope this helps.
Simon Anderson
> We have purchased a system where users login through
> an ODBC connection using a generic Oracle userid. This
> userid has full rights to do insert, update, delete,
> select on any table in the schema. The app asks for
> another username and password which checks the
> application security table, which limits what areas of
> the apps they can access.
>
> Although this may work fine for the app, the users
> also have the ability to use Access and other ODBC
> compliant programs to look at the data. When doing so,
> they use the same ODBC DSN and, what do you know, they
> have capabilities beyond their wildest imagination.
>
> This is obviously not a situation I want to implement.
> I am looking for a way to allow a user into the app to
> do their normal work, but only allow read access for
> anything outside the app.
>
> Any suggestions or ideas would be more than welcome.
>
> Thanks,
>
> Larry Hahn
> Journal Sentinel, Inc.
>
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
