If it is a homegrown app, you can create roles that have SELECT rights. These roles can be the default roles for the user. Roles that allow users to update data should not be default roles. This way the user can connect with any tool they like, but they can't update the data, unless they are smart enough to figure out that they must issue a SET ROLE ALL command.

If it is a 3rd party application, the schemas that own the objects should be locked down. Some 3rd party applications will encrypt the password, so that it only works when using their application - the user cannot connect with another tool.



Jay Hostetter
Oracle DBA
D. & E. Communications
Ephrata, PA USA

>>> <[Email Address Removed] 05/31/01 03:19PM >>>

I find it ridiculously easy to open up excel or access and set up a ODBC
connection to the database using a basic user account, and they have free
reign on all the tables owned by the application owner of our ERP
application. I don't know if you know of any way to restrict this access,
other than removing ODBC drivers in Microsoft Office for all the end
users... Removing rights in Oracle from the users would limit their ability
to run the application correctly.



Oracle LazyDBA home page