Home » RDBMS Server » Security » Security Issue
Security Issue [message #108818] Fri, 18 February 2005 11:21 Go to next message
tinny
Messages: 4
Registered: February 2005
Junior Member
Our security was not designed properly, in that there are objects that have been given public access and public synonyms created for them. There are also a number of users who were given privileges that they really shouldn't have. The applications give the right restrictions, but if the users go and access the database through sql*plus, they could create havoc if they wanted to.

Is there a way to get around this and restrict database access other than thru the app without having to go and audit each user's roles and without having to remove public grants? Product_user_profile table does not give enough restriction. There are lots of ways around that.
Database is on Oracle 9i.
icon12.gif  Re: Security Issue [message #109149 is a reply to message #108818] Tue, 22 February 2005 10:05 Go to previous message
Uwe
Messages: 260
Registered: February 2003
Location: Zürich, Switzerland
Senior Member
Hi,

we try this with a SQL Plan and Consumer Groups. So that all "Non-Application" Users gets only 10 % of the DB-Performance.
I hope that this will work fine, I set it up yesterday and we will work with it in the next weeks

Uwe
Previous Topic: audit dml statement
Next Topic: Prevent Access Users From Having Read/Write Access
Goto Forum:
  


Current Time: Fri Mar 29 09:24:07 CDT 2024