Home » RDBMS Server » Security » Lock out user between specific times (Oracle 10.2.0)
Lock out user between specific times [message #440015] Wed, 20 January 2010 11:01 Go to next message
allie_jane
Messages: 1
Registered: August 2009
Location: Glasgow
Junior Member
Hi there,

Is it possible to lock an oracle user out of the database between specific times of the day?

I have users who I want to log into Business Objects XI and run adhock reports at night, but during the working day not to refresh the reports or run new ones.

BOXI doesn't have the functionality to stop this happening - I was hoping that I could do something with a on-logon trigger or a dbms_jobs?

I've looked into this but I was hoping that someone would have some live experience or advice.

Thanks

Alison
Re: Lock out user between specific times [message #440017 is a reply to message #440015] Wed, 20 January 2010 11:12 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
I was hoping that I could do something with a on-logon trigger or a dbms_jobs?

Both are needed, the latter one to kill the current sessions at the beginning of the period and the former one to prevent from new user connections.

Regards
Michel
Re: Lock out user between specific times [message #441868 is a reply to message #440017] Wed, 03 February 2010 09:47 Go to previous messageGo to next message
smunir362
Messages: 310
Registered: September 2007
Senior Member
There are two solutions
1. User a job and schedule it for lock and unlock as per requirement.

2. User secure application roles and enable roles at specified times and grant this role to users.
Re: Lock out user between specific times [message #441873 is a reply to message #441868] Wed, 03 February 2010 09:59 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Secure application role (one of my favorite features) do not prevent from connecting just from getting some roles (and maybe it is not possible to use them with BO, I don't know).
Being able to just connect may be sufficient to disturb or disrupt the reports.
A logon trigger is a better option, imo.

Regards
Michel
Re: Lock out user between specific times [message #441874 is a reply to message #441873] Wed, 03 February 2010 10:03 Go to previous messageGo to next message
smunir362
Messages: 310
Registered: September 2007
Senior Member
secure application roles can be used if system is design role base. I agree with you it can be use to enable disable privs. But a role can be specified object and system privs(create session).....

Re: Lock out user between specific times [message #441876 is a reply to message #441874] Wed, 03 February 2010 10:09 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
If an account has CREATE SESSION only in a secure applicatin role then it can NEVER connect as it must be connected to be able to activate the role.
So you cannot disable CREATE SESSION by a secure application role.

Regards
Michel
Previous Topic: Privileges
Next Topic: Oracle 11g Authenticationi via OpenLDAP
Goto Forum:
  


Current Time: Thu Mar 28 18:32:31 CDT 2024