Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: 8.1.6: possible to set role in db's logon trigger?

RE: 8.1.6: possible to set role in db's logon trigger?

From: Koivu, Lisa <Lisa.Koivu_at_efairfield.com>
Date: Mon, 13 Jan 2003 08:43:59 -0800
Message-ID: <F001.0052DC19.20030113084359@fatcity.com> 





Hi Roy, 



Note 122230.1 will answer your first question about session id's. 



Lisa Koivu


Oracle Dogbone Administrator


Fairfield Resorts, Inc.


5259 Coconut Creek Parkway


Ft. Lauderdale, FL, USA  33063







-----Original Message-----



Sent: Monday, January 13, 2003 10:44 AM


To: Multiple recipients of list ORACLE-L




Greetings all,



I'm trying to support a COTS application that is back-end agnostic & makes
only minimal use of security on the db.  In particular, it requires that
users be granted a default role that has *very* heavy permissions--enough to
do some major mischief should they ever figure out how to use odbc or
sql*plus.



My collegues & I have devised a kludgy method for getting around this
problem, involving a shill startup program that turns the default-ness of
the role on & off in conjunction with users opening & closing the client
program.  This works, but is a pain to maintain.



I've recently discovered the v$session.program field & am now wondering
whether it would be possible to use the new-fangled logon system trigger to
set the role only for cases where v$session.program = the COTS client.



Can anybody comment as to whether this is a viable approach on an 8.1.6
database & if not, on a 9i db?



In particular, there are two things I don't know--first, how to select just
the one row in v$session that corresponds to the current connection.  If a
user was to start up the COTS client & then connect to the same db via
sql*plus, I would want the role set *only* for the COTS client session.  My
best thought so far here is to use the most recently started connection
based on v$session.logon_time.



Second, whether the SET ROLE statement is legal in a logon trigger.



All help will be most welcome.



Thanks!



-Roy




Roy Pardee


Programmer/Analyst


SWFPAC Lockheed Martin IT


Extension 8487


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.net


-- 



Author: Pardee, Roy E


  INET: roy.e.pardee_at_lmco.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message


to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).



-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.net


-- 



Author: Koivu, Lisa


  INET: Lisa.Koivu_at_efairfield.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services


---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message


to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Mon Jan 13 2003 - 10:43:59 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US