9.6. Managing Patron and Librarian Privileges
Back in Chapter 7, we looked at Oracle security and how we could protect the security of our library application. One important component of application security involves specifying and managing privileges. This section provides the detailed information about how to set up the necessary privileges to protect the library application.
Table 9-3 presents an overview of the software components we will add to the library system in order to allow individuals to have their own password-protected accounts.
| Category | Task | Program name | Implemented where? |
|---|---|---|---|
| Login-related user interface components | User interface for logging in and out |
login | Stored procedure (PL/SQL Server Page) |
| Support utilities for login PSP |
process_login logout | Package loginweb | |
| Administrator create and modify any user page |
userform | Stored procedure (PL/SQL Server Page) | |
| Support utilities for userform PSP |
process_edits | Package userformweb | |
| End user modify profile page |
editprof | Stored procedure (PL/SQL Server Page) | |
| Administer user security for web applications (using session ids) | If username and password okay, create new session id (random string) |
new_session_id | Package privweb (privilege for web applications) |
| Find user id from session id |
user_id | ||
| Determine whether session has a particular privilege |
assert_allowed | ||
| Administer user security based on user ids | Determine whether ... |
Get Learning Oracle PL/SQL now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
