Application Control of Access
Access control really begins when the application is started and continues through the entire session. We have divided the control approach into the following three steps.
- Restricting user startup of the application
We want to prevent unauthorized users from even seeing the application display.
- Row access control by the application
The application can supplement the views. For performance reasons, we may have the application directly access the base table and we may restrict access to the rows in a manner similar to the view.
- Enabling access through the application
We have the application initiate a process that is completed entirely within the database. The approach will avoid hardcoding the password in the application and will not require the user to know the password.
Startup Control
Before you can control what the user can do, you must know something about the user. This is typically the user’s login name. Through the login name, you should be able to obtain the user’s organization information, the type of job the user performs, and so on. You must also know something about the application. This information should be complementary to the information you know about the user. In this application, we are able to get the user’s information because the login names are part of the record in the EMPLOYEE table.
Because all access is role-based, the application can check the roles the user has and compare those to the roles assigned to the application in the ...
Get Oracle Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.