Peter,
not clear on if the database is going to be used by developers doing
development work or will an application use it and you'll have up to 300
application users?
If it's an application, how about making one account that owns all of the DB
objects, another generic account on top of that which you grant access to execute
packages, select on tables, etc...so that it can access the objects owned by real account
but has limited abilities accept through privileges it's been granted. That is,
app_owner - owns all DB objects
app_user - owns no DB objects, but has restricted access to objects owned by PRODUCTION
tech_support - granted select privileges only
user1/user1, user2/user2, etc... - id's and passwords stored in a table, password encrypted
When a user needs access to the application, they give login/password as user1/user1, but the
application uses the APP_USER account, to look in the table that stores the logins to see if the
user is valid, and if so, the application loads, if not they're denied access.
HTH
-----Original Message-----
From: Schauss, Peter [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 29, 2002 4:59 PM
To: Multiple recipients of list ORACLE-L
Subject: Ids and passwords for application users
I am in the process of designing a small database which may have
as many as 250 to 300 users. We are reaching a stage where we need
to decide how we will control access to this database. As I see it
we have two options:
1. Provide a single hidden login for the entire application and control
access to the applicaiton itself either by "roll your own" security or
using the operating system (UNIX) controls.
2. Create ids for the users in Oracle and grant them access
to the necessary tables using roles.
Any opinions or alternate suggestions?
thanks,
Peter Schauss
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Schauss, Peter
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
