Re: How to Restrict DB access based on Client Type or Adress.

In article <353F2DEA.4DDCD665_at_citicorp.com>, Rachel Carmichael wrote:

You could always ensure that the user does not have the SQL*Plus executable! The product_user_profile will prevent the use of any command you specify.

The PROTOCOL.ORA will restrict by I.P. address. ($ORACLE_HOME/network/admin)

You only give access to users to the bits of the system then need.

Finally, you could always code a little front-end to all of your applications to check against a table whether access is allowed for this user/ip/whatever

regs

Neil Chandler

>You can use the Product_User_Profile table to restrict access only to forms
>and remove SQL*Plus access. This can be setup on a userid by userid basis.
>
>Rachel
>
>Miguel Nogueira wrote:
>
>> How can this be done using sql*net?
>> The implemented option is based on 'set role x identified by y' on a
>> session basis.
>> This way everyone can actually connect to DB.
>> I can observe that V$SESSION gives me many type of info that I would to
>> use in order to restrict access. For example I would like to restrict
>> ODBC or other type of connections.
>> Basically I would like to give access only to people:
>> -Using Forms (or other tool that I would be able to describe somewhere )
>> -No SQL*PLUS.
>> -Network Identified connections (IP).
>> (Like Internet authentication to a proxy).
>>
>> Please reply to this newsgroup.
>>
>> Thank you
>>
>> Miguel Nogueira
>
>
>
Received on Thu Apr 23 1998 - 08:22:56 CDT