iSQL*Plus User's Guide and Reference Release 9.0.1 Part Number A88826-01 |
|
Security, 3 of 4
To disable a SQL or SQL*Plus command for a given user, insert a row containing the user's username in the Userid column, the command name in the Attribute column, and DISABLED in the Char_Value column.
The Scope, Numeric_Value, and Date_Value columns should contain NULL. For example:
PRODUCT USERID ATTRIBUTE SCOPE NUMBERIC CHAR DATE VALUE VALUE VALUE ------- ------ --------- ----- -------- ------ ----- SQL*Plus HR HOST DISABLED SQL*Plus % INSERT DISABLED SQL*Plus % UPDATE DISABLED SQL*Plus % DELETE DISABLED
To re-enable commands, delete the row containing the restriction.
You can disable the following SQL*Plus commands:
EXECUTE |
START |
RUN |
|
You can also disable the following SQL commands:
ALTER |
LOCK |
ANALYZE |
NOAUDIT |
AUDIT |
RENAME |
CONNECT |
REVOKE |
CREATE |
SELECT |
DELETE |
SET ROLE |
DROP |
SET TRANSACTION |
GRANT |
TRUNCATE |
INSERT |
UPDATE |
You can also disable the following PL/SQL commands:
BEGIN |
DECLARE |
This is an example of how to insert a row into the PUP table to restrict the user HR from using the SELECT statement:
INSERT INTO PRODUCT_USER_PROFILE VALUES ('SQL*PLUS', 'HR', 'SELECT', NULL, NULL, 'DISABLED', NULL, NULL);
CONNECT HR/HR; SELECT * FROM EMP_DETAILS_VIEW;
This command causes the following error message:
SP2-0544: INVALID COMMAND: SELECT
DELETE FROM PRODUCT_USER_PROFILE WHERE USERID = 'HR';
|
Copyright © 1996-2001, Oracle Corporation. All Rights Reserved. |
|