Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Follow-up: It's NOT possible to set role in db's logon trigger

Re: Follow-up: It's NOT possible to set role in db's logon trigger

From: Jonathan Lewis <jonathan_at_jlcomp.demon.co.uk>
Date: Tue, 28 Jan 2003 03:14:10 -0800
Message-ID: <F001.0053BE70.20030128031410@fatcity.com> 






Roy,



I missed the first run of the question, so you've
probably had this answer already.



You can set a role inside a procedure if
the procedure is declared with invoker


rights (authid current_user) although the
procedure cannot then be run in a logon


trigger.



However, in Oracle 9, you could define the
role as an application role protected by
a package.  If COTS attaches to the database
using OCI, then you could consider using
the PROXY_USER features.  In this case,


COTS connects as "itself", then becomes


the end-user, without knowing the end-user
password.  Your package could then set


the role based on the fact that


    sys_context('userenv','proxy_user')


was 'COTS'.



When the user logs in normally, their


'proxy_user' value will be null.  The only
way that they could switch on the role


would be to write their own OCI program


that logged on as COTS first - which means
they'd have to know the COTS password


anyway, so your data would have been


unprotected anyway.




Regards



Jonathan Lewis


http://www.jlcomp.demon.co.uk



Coming soon a new one-day tutorial:


Cost Based Optimisation


(see http://www.jlcomp.demon.co.uk/tutorial.html )




____UK_______March


____USA_(FL)_May




Next Seminar dates:


(see http://www.jlcomp.demon.co.uk/seminar.html )




____USA_(CA, TX)_August




The Co-operative Oracle Users' FAQ


http://www.jlcomp.demon.co.uk/faq/ind_faq.html




-----Original Message-----


To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
Date: 27 January 2003 23:48


trigger




In case anyone cares--it looks like it is *not* possible to set a role
in an


after logon trigger.  Had I only looked at metalink:



AFTER LOGON Triggers Don't Allow DBMS_SESSION.SET_ROLE to Keep Roles
Enabled


http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p
_datab


ase_id=NOT&p_id=106140.1



Bummer, that.



Thanks again to all who responded.



Cheers,



-Roy



Roy Pardee


Programmer/Analyst


SWFPAC Lockheed Martin IT


Extension 8487




-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Jonathan Lewis
  INET: jonathan_at_jlcomp.demon.co.uk

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L


(or the name of mailing list you want to be removed from).  You may

also send the HELP command for other information (like subscribing).


Received on Tue Jan 28 2003 - 05:14:10 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US