Home » RDBMS Server » Server Administration » User Privileges (Oracle 10g, windows 2000)
User Privileges [message #394239] Thu, 26 March 2009 04:52 Go to next message
snsiddiqui
Messages: 172
Registered: December 2008
Senior Member
Dear Gurus

I create a user EXP for backup therefore I give him privileges
CREATE SESSION
EXP_FULL_DATABASE

but the problem is I don't want to connect this user by SQL or anyother tool because if somebody know the password then he/she couldn't use SQL.

Please help me in this regards.

Report message to a moderator

Re: User Privileges [message #394260 is a reply to message #394239] Thu, 26 March 2009 05:40 Go to previous messageGo to next message
babuknb
Messages: 1736
Registered: December 2005
Location: NJ
Senior Member

You may need to write database trigger.

Babu

Report message to a moderator

Re: User Privileges [message #394265 is a reply to message #394239] Thu, 26 March 2009 06:01 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10708
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
>>if somebody know the password then he/she couldn't use SQL.
Which sql?

[Updated on: Fri, 27 March 2009 10:33]

Report message to a moderator

Re: User Privileges [message #394270 is a reply to message #394265] Thu, 26 March 2009 06:22 Go to previous messageGo to next message
babuknb
Messages: 1736
Registered: December 2005
Location: NJ
Senior Member

Oh Yes Correct.

Sorry for my understanding.

Mr Mahesh, Your correct it may be privileage issue.

Report message to a moderator

Re: User Privileges [message #394272 is a reply to message #394270] Thu, 26 March 2009 06:27 Go to previous messageGo to next message
JRowbottom
Messages: 5933
Registered: June 2006
Location: Sunny North Yorkshire, ho...
Senior Member
It is a privilege issue.
It is very difficult to write an On-Logon trigger that will stop a knowledgable user rfom circumventing the trigger by renaming the executable that they are using.

Report message to a moderator

Re: User Privileges [message #394275 is a reply to message #394272] Thu, 26 March 2009 06:31 Go to previous messageGo to next message
babuknb
Messages: 1736
Registered: December 2005
Location: NJ
Senior Member
>> On-Logon trigger that will stop a knowledgable user rfom circumventing the

Yes you're correct Mr Jrow. I mistakenly understand. Sorry for that.

Babu

Report message to a moderator

Re: User Privileges [message #394327 is a reply to message #394239] Thu, 26 March 2009 08:20 Go to previous messageGo to next message
joy_division
Messages: 4963
Registered: February 2005
Location: East Coast USA
Senior Member
snsiddiqui wrote on Thu, 26 March 2009 05:52

but the problem is I don't want to connect this user by SQL or anyother tool because if somebody know the password then he/she couldn't use SQL.



Then make the password really difficult. QED.

Report message to a moderator

Re: User Privileges [message #394432 is a reply to message #394239] Fri, 27 March 2009 01:26 Go to previous messageGo to next message
snsiddiqui
Messages: 172
Registered: December 2008
Senior Member
Dear All
Thanks for the reply.

As you all know he can query differenct data dictionary views/tables and I want to stop for these type of activities or any other.

Report message to a moderator

Re: User Privileges [message #394491 is a reply to message #394239] Fri, 27 March 2009 07:39 Go to previous messageGo to next message
JRowbottom
Messages: 5933
Registered: June 2006
Location: Sunny North Yorkshire, ho...
Senior Member
You do know that Exports aren't backups, don't you?

Report message to a moderator

Re: User Privileges [message #394499 is a reply to message #394432] Fri, 27 March 2009 08:18 Go to previous messageGo to next message
JRowbottom
Messages: 5933
Registered: June 2006
Location: Sunny North Yorkshire, ho...
Senior Member
You can restrict access to Sql*Plus via Product User Profile, but that won't help for other SQL programs.

Report message to a moderator

Re: User Privileges [message #394514 is a reply to message #394432] Fri, 27 March 2009 09:47 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10708
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
>>As you all know he can query differenct data dictionary views/tables and I want to stop for these type of activities or any other.
I just do not understand the concern.
You trust the user and give permission to do a full export.
The user can get the data out of database and do whatever with it.
But still worry about querying the DataDictionary views?
As JRowBottom already suggested,
You gave the permission. You cannot stop a user with right knowledge to circumvent everything.

Report message to a moderator

Re: User Privileges [message #394515 is a reply to message #394514] Fri, 27 March 2009 09:58 Go to previous messageGo to next message
JRowbottom
Messages: 5933
Registered: June 2006
Location: Sunny North Yorkshire, ho...
Senior Member
It's not just the data dictionary tables - EXP_FULL_DATABASE looks like it grants you SELECT ANY TABLE.

Report message to a moderator

Re: User Privileges [message #394518 is a reply to message #394515] Fri, 27 March 2009 10:15 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10708
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Yes. That's right and EXECUTE ANY is also included.
My point is, If user is allowed to get ANY data out, it better be a trusted user.
EXP and IMP_FULL_DATABASE gives a wide range of privileges.

Report message to a moderator

Re: User Privileges [message #396225 is a reply to message #394239] Sun, 05 April 2009 04:48 Go to previous messageGo to next message
malikjee
Messages: 80
Registered: May 2007
Location: lahore
Member
HI!
YOU MAY DROP USER AND RECREATE IT AGAIN CAREFULY WITH SOUND ATHENTICATION.
BEST REGARDS;
MALIK

Report message to a moderator

Re: User Privileges [message #396230 is a reply to message #396225] Sun, 05 April 2009 05:30 Go to previous messageGo to next message
Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator
Don't post in UPPER case, it is hear as shouting.
Please read OraFAQ Forum Guide.

Regards
Michel

Report message to a moderator

Re: User Privileges [message #396234 is a reply to message #396230] Sun, 05 April 2009 06:08 Go to previous message
malikjee
Messages: 80
Registered: May 2007
Location: lahore
Member
Hi Mr Michel!
Sorry for mistake
Best Regards.
Malik

Report message to a moderator

Previous Topic: Use 10g to undo/check data from history
Next Topic: How to protect object from ddl and dml commands
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 01 20:10:57 CST 2024
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.