RE: Preventing user access
Sean, How about creating an admin listener (admin_listener for example) that is only defined in your own listner.ora file on your desktop PC, and not in the users listener.ora files. When you want to restrict them from access, simply shut down their listener, whilst keeping your own open? This way - If you want to do it across the network or not, you will still be able to connect.. Mark -Original Message- Sean Sent: Wednesday, September 26, 2001 15:25 To: Multiple recipients of list ORACLE-L If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA Nobody loves me but my mother... and she could be jivin' too. - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Mark Leith INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Preventing user access
Hi, If U logon to the database server itself you can just stop the listener and nobody can logon through the tns connection. You can than set the oracle sid and logon using sqlplus username/password. If you want to use tns connection yourself you can set different temporary portnumbers and restart the listener. This will at least make it a bit more difficult to connect using tnsnames But you are right there is probably a more sophisticated/secure way. Jack O'Neill, Sean [EMAIL PROTECTED]@fatcity.com on 26-09-2001 16:25:18 Please respond to [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] cc:(bcc: Jack van Zanen/nlzanen1/External/MEY/NL) If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA Nobody loves me but my mother... and she could be jivin' too. - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = De informatie verzonden in dit e-mailbericht is vertrouwelijk en is uitsluitend bestemd voor de geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking van deze informatie aan derden is, behoudens voorafgaande schriftelijke toestemming van Ernst Young, niet toegestaan. Ernst Young staat niet in voor de juiste en volledige overbrenging van de inhoud van een verzonden e-mailbericht, noch voor tijdige ontvangst daarvan. Ernst Young kan niet garanderen dat een verzonden e-mailbericht vrij is van virussen, noch dat e-mailberichten worden overgebracht zonder inbreuk of tussenkomst van onbevoegde derden. Indien bovenstaand e-mailbericht niet aan u is gericht, verzoeken wij u vriendelijk doch dringend het e-mailbericht te retourneren aan de verzender en het origineel en eventuele kopieën te verwijderen en te vernietigen. Ernst Young hanteert bij de uitoefening van haar werkzaamheden algemene voorwaarden, waarin een beperking van aansprakelijkheid is opgenomen. De algemene voorwaarden worden u op verzoek kosteloos toegezonden. = The information contained in this communication is confidential and is intended solely for the use of the individual or entity to whom it is addressed. You should not copy, disclose or distribute this communication without the authority of Ernst Young. Ernst Young is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. Ernst Young does not guarantee that the integrity of this communication has been maintained nor that the communication is free of viruses, interceptions or interference. If you are not the intended recipient of this communication please return the communication to the sender and delete and destroy all copies. In carrying out its engagements, Ernst Young applies general terms and conditions, which contain a clause that limits its liability. A copy of these terms and conditions is available on request free of charge. = -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be
Re: Preventing user access
You can restrict access to db by IP address. JP On Wed 26. September 2001 16:25, you wrote: If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA Nobody loves me but my mother... and she could be jivin' too. - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jan Pruner INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Preventing user access
Title: RE: Preventing user access Hi Sean, someone on the list, his or her name escapes me, suggested two listeners. One for the general users and one for dba's only. You want to kick your users out, bring down the general use listener. Clever and slick! Lisa Koivu Oracle Database Administrator Fairfield Resorts, Inc. 954-935-4117 -Original Message- From: O'Neill, Sean [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, September 26, 2001 10:25 AM To: Multiple recipients of list ORACLE-L Subject: Preventing user access If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA Nobody loves me but my mother... and she could be jivin' too. - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Preventing user access
You can use Connection Manager and define rules. Although you will need to change the net services entries of the tnsnames.ora or from the names or from LDAP, just to source the client to the Connection Manager before the server itself. Or if you use TCP/IP as the protocol for Net8, you can use the file protocol.ora. In order to restrict the access you must include these two lines: tcp.validnode_checking=TRUE tcp.excluded_nodes=(ip or name,.) .or better if there two many: tcp.included_nodes (ip or name) Regards. --- O'Neill, Sean [EMAIL PROTECTED] wrote: If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA Nobody loves me but my mother... and she could be jivin' too. - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = Eng. Christian Trassens Senior DBA Systems Engineer [EMAIL PROTECTED] [EMAIL PROTECTED] Phone : 541149816062 __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Christian Trassens INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Preventing user access
Title: RE: Preventing user access -Original Message- From: O'Neill, Sean [mailto:[EMAIL PROTECTED]] If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? As someone has said, you can restrict by IP address. Look in Net8 Administrator's Guide For Release 8.1.5, the parameters are described in Appendix C Configuration Parameters ... Protocol-Specific Parameters (PROTOCOL.ORA) protocol.EXCLUDED_NODES protocol.INVITED_NODES protocol.VALIDNODE_CHECKING
Re: Preventing user access
protocol.ora file is no longer supported in 9i. joe [EMAIL PROTECTED] 09/26/01 11:25AM You can use Connection Manager and define rules.Although you will need to change the net servicesentries of the tnsnames.ora or from the names or fromLDAP, just to source the client to the ConnectionManager before the server itself.Or if you use TCP/IP as the protocol for Net8, you canuse the file protocol.ora. In order to restrict theaccess you must include these two lines:tcp.validnode_checking=TRUEtcp.excluded_nodes=(ip or name,.).or better if there two many:tcp.included_nodes (ip or name)Regards.--- "O'Neill, Sean" [EMAIL PROTECTED] wrote: If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the "enable restricted session" functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA "Nobody loves me but my mother... and she could be jivin' too." - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).=Eng. Christian TrassensSenior DBASystems Engineer[EMAIL PROTECTED][EMAIL PROTECTED]Phone : 541149816062__Do You Yahoo!?Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com-- Please see the official ORACLE-L FAQ: http://www.orafaq.com-- Author: Christian Trassens INET: [EMAIL PROTECTED]Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051San Diego, California -- Public Internet access / Mailing ListsTo REMOVE yourself from this mailing list, send an E-Mail messageto: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and inthe message BODY, include a line containing: UNSUB ORACLE-L(or the name of mailing list you want to be removed from). You mayalso send the HELP command for other information (like subscribing).
Re: Preventing user access
That's why I said Net8. On 9i the new name is Oracle Net and Oracle Net Services. Regards. --- JOE TESTA [EMAIL PROTECTED] wrote: protocol.ora file is no longer supported in 9i. joe [EMAIL PROTECTED] 09/26/01 11:25AM You can use Connection Manager and define rules. Although you will need to change the net services entries of the tnsnames.ora or from the names or from LDAP, just to source the client to the Connection Manager before the server itself. Or if you use TCP/IP as the protocol for Net8, you can use the file protocol.ora. In order to restrict the access you must include these two lines: tcp.validnode_checking=TRUE tcp.excluded_nodes=(ip or name,.) .or better if there two many: tcp.included_nodes (ip or name) Regards. --- O'Neill, Sean [EMAIL PROTECTED] wrote: If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA Nobody loves me but my mother... and she could be jivin' too. - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = Eng. Christian Trassens Senior DBA Systems Engineer [EMAIL PROTECTED] [EMAIL PROTECTED] Phone : 541149816062 __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Christian Trassens INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). = Eng. Christian Trassens Senior DBA Systems Engineer [EMAIL PROTECTED] [EMAIL PROTECTED] Phone : 541149816062 __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger. http://im.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Christian Trassens INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Preventing user access
Sean: Although probably you won't use it right now but in Oracle 9i there is a new function called Quiesce the database which will put the database into a partially available state. During this time, no ongoing non-DBA transactions, queries, or PL/SQL statements are allowed. Several maintenance operations could benefit from this feature. SQL Alter SYSTEM QUIESCE RESTRICTED; Kevin -Original Message- Sean Sent: Wednesday, September 26, 2001 7:25 AM To: Multiple recipients of list ORACLE-L If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA Nobody loves me but my mother... and she could be jivin' too. - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Kevin Tsay INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Preventing user access
Hi, You can write a script in one run you can easily lock all accounts (except your self) after you finish your work you can unlock those accounts and everything back to normal. Sinardy -Original Message- Sean Sent: Wednesday, 26 September 2001 10:25 PM To: Multiple recipients of list ORACLE-L If I wish to do work on a database logging in to server itself and want to prevent users from accessing the system via network is there another way to do this if I don't want to use the enable restricted session functionality. I'm thinking there's probably a neat way to utiltise the listener process but have not figured it out. Also what If I need to work on DB over network but don't want any other users using DB what can I do to prevent their connecting? Sean :) Data Base Administrator Oracle 7.3.3, 8.0.5, 8.1.7 - NT, W2K [0%] OCP Oracle8i DBA --- End 2002 deadline =:-O [0%] OCP Oracle9i DBA Organon (Ireland) Ltd. E-mail: [EMAIL PROTECTED] [subscribed: Digest Mode] Visit: http://groups.yahoo.com/group/Oracle-OCP-DBA Nobody loves me but my mother... and she could be jivin' too. - BB King -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: O'Neill, Sean INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Sinard Xing INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).