How to grant or deny access to RDBMS based on ODBC ?

Hello ,
Is it possible to have a logon-trigger that c denies access to the database when trying to connect with ODBC?
Erwin

> Also our standard here is that no one can access with odbc, but for the
moment we can not control it.
Basic management says that one does not create a rule that one cannot enforce.
Why is ODBC a problem? And why make it Oracle's problem?
Oracle does not care what client driver the client uses. It does not care what language the client is written in. It does not care what o/s and o/s version the client use.
Nor does Oracle security.
It honestly makes no sense at all to have Oracle police your ODBC "standard". Fact. It cannot be effectively policed by Oracle as it is a client side issue and not a server (RDBMS) issue.
I would look at why there is this no-ODBC standard. What is the actual/real problem? Once that is identified then one can look at a solution. And yeah, Oracle may play a role in this by correcting and properly implementing security in Oracle... but it can by no means be the cop that controls what end-user software a client runs when connecting to the database.
And this deals with basic security fundamentals. Violate these at your own risk.

Similar Messages

  • How to grant corporate accounts access to the Office store to install the Dictionary in Word 2013 (365)

    We are currently migrating from Office 2010 MSI to Office 365 (2013) click to run installation deployed with Configuration Manager.  I was curious if there was a way to grant our corporate accounts access to the Office store to pull in the Dictionary
    and other tools not baked into Office 2013 (365).
    The only way I have been able to do this is to have a separate Microsoft account to install the Dictionary. 
    Thanks,
    Brita

    Hi Brita:
    With which accounts you set up your Office client, Office 365 subscribe account or your corporation account? Have you set up
    directory synchronization for Office 365? Per my experience, if the directory synchronization has been set up, your corporation accounts will be associated with Office, therefore no need extra effort to install apps from Office store,
    you can simply insert apps available in Office store to word in your case. If I misunderstood the situation, please let me know, thank you.
    For Plan for directory synchronization for Office 365 please refer to
    this article

  • How to grant group level access to a dynamic page?

    I'm trying to write some code which grants access to a Portal group on a dynamic page.
    I've tried using the wwsec_api.set_group_acl procedure like this:
    wwsec_api.set_group_acl(
    p_group_id => 0, -- Authenticated User
    p_object_type_name => wwsec_api.PORTLET_OBJ, -- ??????
    p_owner => 'MYPROVIDER',
    p_name => 'DYNAMIC_PAGE_NAME',
    p_privilege => wwsec_api.MANAGE_PRIV
    When I execute it I get an error message:
    ORA-01722: invalid number
    What object type is a Dynamic Page? Is PORTLET_OBJ correct?
    Any suggestions are welcome!

    This worked for me:
    wwsec_api.set_group_acl(
    p_group_id => 0, -- Authenticated User
    p_object_type_name => 'DYNAMIC',
    p_owner => 'MYPROVIDER',
    p_name => 'DYNAMIC_PAGE_NAME',
    p_privilege => wwsec_api.MANAGE_PRIV
    (Found the object_type_name in the table wwsec_sys_priv$)

  • LSO: How to restrict employee from accessing LSO Web based course.

    Hi Gurus,
    We have a requirement where we need to restrict few section of employees from accessing the LSO web nased courses. I know this can be done from Structural Authorization concept.
    Can anyone tell me how to implement this structural authorization of section of employees. or any link mentioning step-by-step process will be great help.
    Thanks,
    Swet

    Hello Satya,
    The status comes from entries in Table T77BW. I don't recommend that you change the status as I don't know what issue may occur.
    Relevant coding in RHPQ_INDIVIDUAL_PLAN_READ.
    IF history_tab-endda < sy-datum.            "begin note 588403
      pplans_tab-state_id = att_state_id.
      pplans_tab-statetxt = att_statetxt.
    ELSE.
      SELECT SINGLE * FROM t77bw INTO wa_t77bw
               WHERE context = 'EVENT_BOOK'.
      IF wa_t77bw-new_state IS INITIAL.
        pplans_tab-state_id = '02'.
      ELSE.
        pplans_tab-state_id = wa_t77bw-new_state.
      ENDIF.
    Regards,
    Manny

  • Is there a way to deny access to BI Publisher in OBIEE 11g?

    In 11g, the New button in Answers ists all of the types of objects that a user can create. I've figured out which of the privileges controls the display of each of those options, EXCEPT for all of the options under the Published Reporting category. How can we turn on/off access to those 5 objects (essentially, grant or deny access to the BI Publisher options)?

    I figured out the answer about 3 minutes after posting the question.
    All of the existing Application Roles are associated with Application Policies that allow access to BI Publisher. By creating a new Application Policy and an associated Role, I can accomplish my goal.

  • How to grant anonymous access on sharepoint document library/list only not for web application

    Hello
    How to grant anonymous access on sharepoint document library/list only not for web application.I have claim based sharepoint site and has to be but i want to grant access on document library/list only.Is this possible?
    Thanks
    Rajesh Kumar "Changing the Face" can change nothing.But "Facing the Change" can change everything.

    As i am using following code
    SPSite site = SPContext.Current.Site;
                SPWeb web = SPContext.Current.Web;
                SPSecurity.RunWithElevatedPrivileges(delegate()
                    using (SPSite ospSite = new SPSite(site.ID))
                        using (SPWeb webs = ospSite.OpenWeb(web.ID))
                            // Enable anonymous access on web application
                            webs.AllowUnsafeUpdates = true;
                            SPUrlZone urlZone = SPUrlZone.Default;
                            SPWebApplication specifiedWebApplication = ospSite.WebApplication;
                            SPIisSettings iisSettings = specifiedWebApplication.IisSettings[urlZone];
                            //iisSettings.AuthenticationMode = AuthenticationMode.Windows;
                            iisSettings.AllowAnonymous = true;                       
                            specifiedWebApplication.Update();
                            // Get document library collection here and fetch all the document urls
                            SPDocumentLibrary docLib = (SPDocumentLibrary)web.Lists["Documents"];
                            if (docLib != null)
                                docLib.BreakRoleInheritance(true, false);
                                docLib.AllowEveryoneViewItems = true;
                                docLib.AnonymousPermMask64 = SPBasePermissions.ViewPages | SPBasePermissions.OpenItems | SPBasePermissions.ViewVersions
                                    | SPBasePermissions.Open | SPBasePermissions.UseClientIntegration | SPBasePermissions.ViewFormPages | SPBasePermissions.ViewListItems;
                                //docLib.AnonymousPermMask64 = SPBasePermissions.EmptyMask;
                                docLib.Update();
    Should working but getting access denied......i am totally stuck at this point.
    Rajesh Kumar "Changing the Face" can change nothing.But "Facing the Change" can change everything.

  • ACL - how to (easily) deny access to everthing but home directory

    I was trying to set up a very restrictive drop box for users to leave and take files from. I set up a special USER and then thought I could use the ACL's to deny access to the system except for the home directory. From reading the documentation I tried the following
    1) at the root level I denied read/write access for USER
    2) at the home directory I allowed read/write access for USER
    and then I tried to 'remove inherited' ACLs. I can't seem to get this to work. USER is always denied. Any help appreciated

    Never mind. I figured out how to do this from the command line using chmod +a to do multiple directories at once. I still don't know why the top level ACL wouldn't propagate to the lower directories but once I did this on the /* directories everything was fine.

  • How toplink grant permission for direct field access

    I know already know that if I need to direct access private or protected field of an instance I must grant supressAccessChecks to ReflectPermission class using policytool or edit java.policy file directly ...
    but how Toplink grant this permission to ReflectPermission class since my java.policy file remain the original.
    Kowit Laison

    In my own experiences, the first release of JDK 1.2 had problems with reflection accessing private attributes. As you mentioned, you had to have a policy file that allowed TopLink access to reflectively access private attributes.
    Since subsequent releases (1.2.x, 1.3, 1.4, etc), it always has "just worked". I.e., it seems to be default behavior of JVM's that you can acess private attributes through reflection. Sometimes some app servers come with startup scripts that have policies that change this default behavior and you have to override it, but in general, a vanilla JVM simply will allow private attribute access through reflection.
    - Don

  • When trying to download an on-line document, how do I correct an access denied message?

    When trying to download an on-line document, how do I correct and "access denied" message?

    If you are trying to access a document from someone else's site and you are getting an access denied message, it is probably because you are not supposed to be able to acquire the file without getting more access permissions than you have at the moment.

  • Need to deny access to file manager for the user

    Hi
    I need to be able to deny access to the file manager, as I dont want my client deleting files. however, for some reason I have to allow him access to this as he needs to be able to upload files through InContext Editor (he needs to link pages to documents that are not on the server so he needs to upload them and to do this, I have to grant him access to file manager).  How can I get around this?  I dont want to have to reupload his site every time he deletes a file....

    Unfortunately it can't be done - access to the file manager allows deleting as well as uploading and at this point that cannot be changed.

  • Deny access to sudoers file as an Administrator

    In our company we have users with Administrator rights on their Macs.
    As a Systems Administrator I want to deny access to the sudoers file. Also I want to deny the elevation to Root.
    How can I do this?

    Lt.Tuvok,
    This doesn't make much sense. The definition of an "admin user" is one that can be elevated to root, or at least root privileges. In all other respects, an admin is nothing more than a "standard" user.
    All of the otherwise "special" abilities that are granted to admin users come as a result of their ability to perform those operations normally reserved for root exclusively. Things like changing the ownership of a file not owned by them, or changing global system settings, etc.
    In essence, these operations are still held exclusive to root, but admin users are able to elevate themselves to that status. This is why the admin password is required in order to perform these things; it is no different than entering that password when invoking "sudo" at the command line.
    What I am getting at, here, is that what you really want is to create these users as standard users.
    Scott

  • SAP PI problem: User credentials are invalid or user is denied access

    Hi!
    I am about to configure SAP PI.
    Therefore I have run post installation wizard step PI_00 and get the following errors:
    Error: Not able to load Function SWF_XI_BPM_AUTO_CUSTOMIZE
    (cause:Name or password is incorrect (repeat logon)).
    Step: Execute SWF_XI_BPM_AUTO_CUSTOMIZE
    Error: User credentials are invalid or user is denied access
    Step: Add Installed Product2
    Questions:
    How can I identify which user/password makes problems here?
    P.S.
    My further problems are:
    2) It is not possible to work with XI tools, such as:
    Integration Directory, Integration Repository, Runtime Workbench
    When I try to execute some action in these tools I get the following error:
    Cannot connect to Repository
    Error during communication with System Landscape Directory: User credentials are invalid or user is denied access.
    2) When I try to access the NetWeaver configuration wizard (http://localhost:50000/nwa)
    I get the followign warnig:
    System Landscape Directory is not available
    Only local systems can be maintened
    Thank you very much
    Thom

    Hi,
    Check the similar discussion  Error in PI postinstallation wizard
    Wrong password PISUPER in PI_00 wizard
    Thanks!
    Edited by: Sudhir Tiwari on Nov 26, 2008 10:29 AM

  • Granting Read Only Access to user in another schema

    Oracle Database 10g
    Red Hat Enterprise Linux Server release 5.3
    We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
    I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
    And some views are in INVALID status.
    I tried to compile them using alter view owner.viewname compile;
    But got this ---- Warning: View altered with compilation errors.
    Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
    Then I used the following
    SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
    select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
    It turns out some reference types are non existent.
    Does that mean DBAs cannot do anything about this ?

    Nilton wrote:
    We are requested by a developer to grant his account read only access to TABLES, VIEWS, INDEXES, SEQUENCES, FUNCTIONS, PROCEDURES, PACKAGES, TRIGGERS, JOBS of another schema.
    I know granting read only access to Tables and Views. But is it possible to grant READ ONLY access to other mentioned objects ? How to do it ?
    TABLES -> YES grant SELECT
    VIEWS -> YES grant SELECT
    SEQUENCE -> YES grant SELECT
    INDEXES -> There is no read access for indexes...indexes are put on tables and a user who has read access on tables can read the index as well.
    FUNCTIONS / PROCEDURES / PACKAGES -> I am not sure what you mean by read access on procedures, functions and packages. You may grant EXECUTE privilege on these.
    TRIGGERS -> there is no read access on triggers required. They are implemented on tables for a DML event. If the user has DML access he has the execute access on the trigger as well.
    JOBS -> I am not sure what to read from Jobs.
    And some views are in INVALID status.
    I tried to compile them using alter view owner.viewname compile;
    But got this ---- Warning: View altered with compilation errors.
    Those views are still in INVALID status. And then I tried to use utlrp.sql . Same result.
    Then I used the following
    SELECT TEXT FROM DBA_VIEWS WHERE VIEW_NAME='view-name';
    select REFERENCED_NAME,REFERENCED_TYPE from dba_dependencies where name='view-name';
    It turns out some reference types are non existent.
    Does that mean DBAs cannot do anything about this ?There are compilation errors in the Views. e.g. the view may be referring to a table which doesn't exist etc.
    Unless you fix the error in the view you can't compile it and male it valid. Fix the view errors. If objects are non existing create them or refer to view to some where else.
    If the nonexistent objects were mistakenly dropped, or the data file which contained those objects was dropped, no matter what was the reason for that object to be gone a DBA can bring it back if he is a well prepared DBA and has setup his database for such kind of disasters.
    Now tell us why those objects are non-existent ? were they meant to be gone ? or they were dropped mistakenly?
    Now here are my guesses:
    If they were meant to be gone then probably the views definitions need to be adjusted not to refer them anymore.
    If they were mistakenly dropped then:
    Do you have them in recyclebin? (only tables) if YES just FLASHBACK TABLE <<tablename>> AS BEFORE DROP.
    Is your database has Flashback database ON? if YES FLASHBACK DATABASE until 'time/scn just before the object was dropped'
    Do you have backups and your database is running in ARCHIVE LOG mode? if YES perform an incomplete recovery using RMAN.

  • Grant Permission In Access Database

    Hello All
    How to set Grant Permission in Access Database, I get an error here
    what's wrong in my SQL syntax?
    Best Regard
    Xan To

    Hello Matthias Kläy
    I Have try your code and I get an error
    this my code
    Imports System.Data.OleDb
    Imports System.Data
    Imports ADOX.ObjectTypeEnum
    Imports ADOX.ActionEnum
    Imports ADOX.RightsEnum
    Public Class Form1
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    Dim cat As ADOX.Catalog
    Dim grp As New ADOX.Group
    Dim Builder As New OleDb.OleDbConnectionStringBuilder
    Try
    With Builder
    .Provider = "Microsoft.ACE.OLEDB.12.0"
    .DataSource = "C:\Users\Xan To\Desktop\Test.mdb"
    End With
    'Using cn As New OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Xan To\Desktop\Test.mdb; Jet OLEDB:System Database=system.mdw;")
    Using cn As New OleDb.OleDbConnection
    With cn
    .ConnectionString = Builder.ConnectionString
    End With
    Using cmd As New OleDb.OleDbCommand
    With cmd
    .Connection = cn
    .CommandText = "GRANT SELECT ON TABLE MSysObjects TO PUBLIC"
    End With
    cn.Open()
    'cmd.ExecuteNonQuery()
    cat = New ADOX.Catalog
    cat.ActiveConnection = cn
    grp.Name = "Public"
    cat.Groups.Append(grp)
    grp.SetPermissions("MSysObjects", adPermObjTable, adAccessGrant, adRightRead)
    End Using
    End Using
    Catch ex As Exception
    MessageBox.Show(ex.ToString)
    End Try
    End Sub
    End Class

  • How to grant  view privilege for Instant Portal to public users?

    How to grant view privilege for Instant Portal to public users?

    Oracle Instant Portal was designed to offer secure access to company and departmental information, and it isn't currently possible to make instant portal pages public.

Maybe you are looking for

  • Error reports

    when i connect my ipod a microsoft error report comes up and when i click either send error report, debug or don't send itunes closes itself. when the ipod is not connected itunes runs fine. can anyone tell me what to do please

  • How to  fetch the relational  data from the xml file registered in xdb

    Hi, I have to register the xml file into the  xdb repository and i have to fetch the data of the xml file as relational structure  through the select statement . i used the below query to register the xml file in xdb. DECLARE v_return BOOLEAN; BEGIN

  • Notes in IOS 10.9.1 keeps creating new note

    Running OSX 10.9.1, as I type a note, it automatically creates a new note as a snapshot of where I am in the note. On a 10 line note, it creates 9 notes, all with the same title and progressive snapshots of the final note. Only does it on one of my M

  • Deleted iPhoto Photos showing in the new Photos app

    I didn't see a new spot to ask this so I figured I would post it in the iPhoto section.  When my wife and I import to iPhoto we usually delete a bunch of random screenshots,etc.  iPhoto doesn't have them but looking back for some reason the new photo

  • Paths etc etc

    Hello, I'm a student who's just being introduced to java technology, and i have downloaded the latest java sdk, but cannot get it to compile or run any of my programs i get. I've read several forums about class paths and such, but i've tried setting