db security, managed from application forms
List,

After reading so much about managing the security from the db users, roles and privileges, I have finally decided to do the same. I have figured out most of the things...

1. I have made a form interface to create roles and grant privileges to roles. All the data goes to app tables, and then DB roles are created and grants given which match the data entered. I have a routine which syncs the role/privs in the app tables to the db roles and privs.
2. Another form provides an interface to create users and grant roles to users.
3. Then I have an MMB menu attached to a form which is executed. The user will log in, and will be displayed a menu based on the role given to the user. This is where I'm not sure how I would handle it, something like... on-new-form-instance I would check the role name from the session_roles, and would have a table which would tell me which menu option has to be enabled with this role. Am I going the right way??

The forms will be run on the web, so I guess I cannot store them in the db, and can't use the menu roles facility.

I have done a lot of work on this, but can't figure out the role and form module to run... I don't want to go back to one app user accessing the db, and application managed security.

Would appreciate any help.

TIA
-rahul

-- Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- Author: rahul INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
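The menu approach described in step 3 above, sketched as an added example that is not part of the original post: the table `app_menu_roles` and its columns are hypothetical, and menu item names are assumed to be stored in the `MENU_NAME.ITEM_NAME` form that `FIND_MENU_ITEM` accepts. The old-style outer join and `DECODE` are used so the cursor also compiles in older Forms PL/SQL engines.

```plsql
-- Hypothetical mapping table: which menu items each database role may use.
CREATE TABLE app_menu_roles (
  role_name  VARCHAR2(30) NOT NULL,   -- matches SESSION_ROLES.ROLE
  menu_item  VARCHAR2(61) NOT NULL,   -- 'MENU_NAME.ITEM_NAME'
  CONSTRAINT app_menu_roles_pk PRIMARY KEY (role_name, menu_item)
);

-- Body of the form's WHEN-NEW-FORM-INSTANCE trigger (Forms PL/SQL).
DECLARE
  -- One row per mapped menu item; ALLOWED is 1 when at least one role
  -- enabled in the current session is mapped to that item, else 0.
  CURSOR c_items IS
    SELECT m.menu_item,
           MAX(DECODE(s.role, NULL, 0, 1)) allowed
      FROM app_menu_roles m, session_roles s
     WHERE s.role (+) = m.role_name
     GROUP BY m.menu_item;
  v_id MenuItem;
BEGIN
  FOR r IN c_items LOOP
    v_id := FIND_MENU_ITEM(r.menu_item);
    -- Skip mapping rows that name an item not present in the attached menu.
    IF NOT ID_NULL(v_id) THEN
      IF r.allowed = 1 THEN
        SET_MENU_ITEM_PROPERTY(v_id, ENABLED, PROPERTY_TRUE);
      ELSE
        SET_MENU_ITEM_PROPERTY(v_id, ENABLED, PROPERTY_FALSE);
      END IF;
    END IF;
  END LOOP;
END;
```

`SESSION_ROLES` lists only the roles currently enabled in the session. Disabling a menu item only shapes the interface; the privileges granted to the database roles are what actually restrict access.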
Re: db security, managed from application forms
Hi Rahul,

I know this isn't a direct answer to your question but you may find useful a large number of papers about Oracle security that are available on my website, quite a few by me and links to papers by many others that I have collected together. My site is http://www.petefinnigan.com - have a look at the white papers section.

kind regards
Pete

-- Pete Finnigan
email: [EMAIL PROTECTED]
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book: Oracle security step-by-step Guide - see http://store.sans.org for details.
Re: db security, managed from application forms
That's not appropriate. Go to Metalink, there is a script to run to set up security to work with .mmbs. We used it on a project I was on last year. I think it was pretty easy to use. It just creates views and checks existing roles. I 'think'. I can't remember exactly. I think you combine this with a database logon trigger. You're reinventing the wheel.

Also, if you want to grant roles on the fly, I don't recommend this in the application layer. You should put it into a package in the database.

Fatcity has an ODTUG dev2k forum where you will probably get a better response.

- Original Message -
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Sent: Saturday, August 30, 2003 10:59 AM

-- Author: Ryan INET: [EMAIL PROTECTED]
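One way to put role granting into a database package, as the reply above suggests (an added example, not the Metalink script or any poster's code): `app_roles`, `app_role_admin` and the error numbers are hypothetical. It assumes `DBMS_ASSERT` is available in the database and that the package owner holds the managed roles WITH ADMIN OPTION, or GRANT ANY ROLE, as a direct grant.

```plsql
-- Hypothetical allow-list of roles the application is permitted to hand out.
CREATE TABLE app_roles (role_name VARCHAR2(30) PRIMARY KEY);

CREATE OR REPLACE PACKAGE app_role_admin AUTHID DEFINER AS
  PROCEDURE grant_role(p_user IN VARCHAR2, p_role IN VARCHAR2);
END app_role_admin;
/
CREATE OR REPLACE PACKAGE BODY app_role_admin AS
  PROCEDURE grant_role(p_user IN VARCHAR2, p_role IN VARCHAR2) IS
    v_user VARCHAR2(30);
    v_role VARCHAR2(30);
    v_hits PLS_INTEGER;
  BEGIN
    -- Reject anything that is not a plain identifier before it can
    -- reach the dynamic DDL below (raises ORA-44003 on bad input).
    v_user := UPPER(DBMS_ASSERT.SIMPLE_SQL_NAME(p_user));
    v_role := UPPER(DBMS_ASSERT.SIMPLE_SQL_NAME(p_role));

    -- Only roles registered in the application table may be granted.
    SELECT COUNT(*) INTO v_hits FROM app_roles WHERE role_name = v_role;
    IF v_hits = 0 THEN
      RAISE_APPLICATION_ERROR(-20001, 'Role is not managed by the application');
    END IF;

    -- The grantee must be an existing database user.
    SELECT COUNT(*) INTO v_hits FROM all_users WHERE username = v_user;
    IF v_hits = 0 THEN
      RAISE_APPLICATION_ERROR(-20002, 'Unknown database user');
    END IF;

    -- Both names are validated and matched against stored values,
    -- so the concatenation cannot carry extra SQL text.
    EXECUTE IMMEDIATE 'GRANT ' || v_role || ' TO ' || v_user;
  END grant_role;
END app_role_admin;
/
-- Administrators' forms get EXECUTE on the package only, not GRANT ANY ROLE.
```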