| Restricting User from login to DB [message #597137] |
Tue, 01 October 2013 05:27  |
 |
live4learn
Messages: 41
Registered: September 2013
Location: Bangalore, India
|
Member |
|
|
Hi ,
I wanted to restrict the Users to login to DB using Application like TOAD or PL/SQl Developer .
But the users can login to DB using sql*plus.
We can get this info once user looged in to DB.
SQL> select SID,USER#,USERNAME,SERVER,MODULE from V$SESSION where USERNAME='LIVE4LEARN';
SID USER# USERNAME SERVER MODULE
1 24 18265 LIVE4LEARN DEDICATED SQL*Plus
2 30 18265 LIVE4LEARN DEDICATED PL/SQL Developer
4 37 18265 LIVE4LEARN DEDICATED PL/SQL Developer
5 40 18265 LIVE4LEARN DEDICATED PL/SQL Developer
Can we make this check done before login process and allow users to login when module not in ('TOAD','PL/SQL Developer
').
Do we have any method , like in user profile, where this could be added.
Thanks in advance.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Restricting User from login to DB [message #597322 is a reply to message #597141] |
Thu, 03 October 2013 04:19  |
gazzag
Messages: 1114
Registered: November 2010
Location: Bedwas, UK
|
Senior Member |
|
|
|
Of course. But assuming that this is merely a check to remind users not to log in with anything other than SQL*Plus, it's good enough. Renaming a restricted application at the O/S level to circumvent this check is at best in breach of your company's ICT Codes of Standards and at worse malicious hacking.
|
|
|
|
| Re: Restricting User from login to DB [message #597813 is a reply to message #597322] |
Tue, 08 October 2013 09:39 |
|
live4learn
Messages: 41
Registered: September 2013
Location: Bangalore, India
|
Member |
|
|
One more help plz:)
I have many users , so I have created the trigger at Database level . For each database hit , this trigger will be fired .
For performance issue , I wanted to check for certain user , lets say 'coderunner' user , I don't want to perform all this checking.
I have various scripts where I am connecting to DB using 'coderunner' multiple times , what I want is instead of checking username not in ('coderunner') , check if current user is 'coderunner' exit immediately .
trigger body :
CREATE OR REPLACE TRIGGER block_tools_from_prod
AFTER LOGON ON DATABASE
DECLARE
v_prog sys.v_$session.program%TYPE;
BEGIN
SELECT program INTO v_prog
FROM sys.v_$session
WHERE audsid = USERENV('SESSIONID')
AND audsid != 0 -- Don't Check SYS Connections
AND username not in ('coderunner','live4learn')
AND ROWNUM = 1; -- Parallel processes will have the same AUDSID's
IF UPPER(v_prog) LIKE '%TOAD%' OR UPPER(v_prog) LIKE '%T.O.A.D%' OR -- Toad
UPPER(v_prog) LIKE '%SQLNAV%' OR -- SQL Navigator
UPPER(v_prog) LIKE '%PLSQLDEV%' OR -- PLSQL Developer
UPPER(v_prog) LIKE '%BUSOBJ%' OR -- Business Objects
UPPER(v_prog) LIKE '%EXCEL%' -- MS-Excel plug-in
THEN
RAISE_APPLICATION_ERROR(-20000, 'Development tools are not allowed here.');
END IF;
END;
--** Desired is ** --
CREATE OR REPLACE TRIGGER block_tools_from_prod
AFTER LOGON ON DATABASE
DECLARE
v_prog sys.v_$session.program%TYPE;
BEGIN
If current_user='coderunner' then
exit;
else
rest of the check
end if.
Thanks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
