restricting user role depending on the application user is coming through.
836478Feb 16 2011 — edited Feb 16 2011I have a situation like:
User A is granted system privs of Select any table,insert any table,update any table,delete any table.If the User A logins in using SQLPLUS,he should be allowed the system privs (Select any table,insert any table,update any table,delete any table). However, if the same user A logins in from some other applications (for example Excel) then User A should be allowed to do only SELECT ANY TABLE and all other system privs like INSERT,UPDATE,DELETE should be restricted or not allowed
Incase if you have any solution/ideas to fix this, please help me.
my code is provided below with the error returns:
CREATE OR REPLACE TRIGGER set_role
AFTER LOGON ON DATABASE
DECLARE
v_prog sys.v_$session.program%TYPE;
v_username sys.v_$session.username%TYPE;
BEGIN
SELECT program,username INTO v_prog,v_username
FROM sys.v_$session
WHERE audsid = USERENV('SESSIONID')
AND audsid != 0 -- Don't Check SYS Connections
AND ROWNUM = 1; -- Parallel processes will have the same AUDSID's
IF UPPER(v_prog) LIKE '%SQLPLUS%' and UPPER(v_username) LIKE '%MITUL%'
then
BEGIN
logon_proc;
END;
END IF;
END;
create or replace procedure logon_proc
authid current_user is
begin
sys.dbms_session.set_role('resource');
end logon_proc;
Error
======================================================================================
SQL> conn mitul/mitul
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-06565: cannot execute SET ROLE from within stored procedure
ORA-06512: at "SYS.LOGON_PROC", line 4
ORA-06512: at line 13
======================================================================================
Can anyone kindly help me in this issue.