Chapter 13. The Product User Profile
In addition to the standard database security Oracle provides and enforces for all database objectsâtables, views, and the likeâOracle provides an application security scheme for SQL*Plus. This allows you to control the specific commands a SQL*Plus user is allowed to execute. At the core of the SQL*Plus application security scheme is the product user profile.
What Is the Product User Profile?
The product user profile is an Oracle table,
owned by the SYSTEM user, that contains a list of SQL*Plus command
restrictions by user. The table may contain role restrictions as well.
The name of this table used to be product_user_profile. Now it is product_profile, but a
synonym named product_user_profile
exists to ensure backward compatibility.
Why Does the Product User Profile Exist?
Primarily, the aproduct user profile enables you to give end users access to SQL*Plus for reporting and ad hoc query purposes, yet restrict them from using SQL statements such as INSERT and DELETE that might damage production data.
Real-world applications typically implement many business rules, edit checks, and security at the application level rather than within the database. Modifying the data using an ad hoc tool, such as SQL*Plus, bypasses the rules and risks data integrity. Because of this, it's usually important to ensure that data are modified through the application, where the rules can be enforced.
If you give people an application that requires a database username ...
Get Oracle SQL*Plus: The Definitive Guide, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
