RE: Security for Table/Procedure

From: <marmstrong_at_fairpoint.com>
Date: Tue, 05 Feb 2002 12:19:29 -0800
Message-ID: <F001.00406A6A.20020205122311@fatcity.com>

You
could set up a role that has all the privileges necessary to run the application then use the set role command in the application - this turns on the functionality while the user is using the application. Once out of the app, the users do not have privileges to tables/procedures unless granted via another role or specifically to the user. You can also create the role with a password - this password would be needed to use the set role command. This provides an additional level of security.
<SPAN

class=311011320-05022002>
<SPAN

class=311011320-05022002>Michele

-----Original Message-----From: Burton, Laura L. [mailto:BurtonL_at_prismplus.com]Sent: Tuesday, February 05, 2002 2:46 PMTo: Multiple recipients of list ORACLE-LSubject: Security for Table/Procedure
 I know that you can grant access on a table whether it be select, update, delete, etc, and I know that to keep from granting access to a table you can use procedures and grant execute rights to the procedure. Our situation is that we want to use
 procedures for security, but the procedures select data to populate a form and then update if applicable. We had talked about granting select to the tables by using a role since anyone can view the data, and then using procedures to update the tables. The only problem is that if we grant select to the tables and the application executes the procedure within it, the
 procedure will not be found and even the select will not happen.
 Could some of you share how you handle security? Am I missing something with tables/procedures? Any ideas would be appreciated. We are just
 beginning development and need to <FONT

  face=Arial size=2>have<FONT face=Arial 
  size=2> a handle on how we are going to do this<FONT face=Arial 
  size=2>.

Thanks,
Laura Received on Tue Feb 05 2002 - 14:19:29 CST