HPE Community
Operating System - HP-UX
1753479 Members
4885 Online
108794 Solutions
New Discussion юеВ

Re: Mutiple DB's on one Cluster - Security problem

 
Rudi Martin
Advisor

тАО11-27-2003 07:07 PM

тАО11-27-2003 07:07 PM

Mutiple DB's on one Cluster - Security problem

Hi there

We have multiple DB's on one Cluster serving the whole of South Africa. Users from all over connects to their own DB's , but it leaves it open to access the other db's as well. Instead of setting up hundreds of menu's only allowing certain access , is there any way to block a specific userid from accessing anything besides their DB ?

THank you
0 Kudos
Reply
6 REPLIES 6
Michael Schulte zur Sur
Honored Contributor

тАО11-27-2003 07:16 PM

тАО11-27-2003 07:16 PM

Re: Mutiple DB's on one Cluster - Security problem

Hi,

No user should be a member of the oracle dba group and then use different users in different dbs. Can you specify, how users can access other dbs?

greetings,

Michael
0 Kudos
Reply
Christian Gebhardt
Honored Contributor

тАО11-27-2003 07:21 PM

тАО11-27-2003 07:21 PM

Re: Mutiple DB's on one Cluster - Security problem

I don't exactly understand your problem:

You have multiple DB's on one Cluster.

Do you have the same Users in each database with the same passwords ?

Does the User connect via:
- sqlnet
- telnet, rlogin, ssh, ...
- applicationserver
- ...

Should the user be blocked
on the server --> firewall
on the database --> maybe logontrigger
in the application --> new application code

Please give us more information

Chris
0 Kudos
Reply
Rudi Martin
Advisor

тАО11-27-2003 07:42 PM

тАО11-27-2003 07:42 PM

Re: Mutiple DB's on one Cluster - Security problem

Hi there.

Ok , let me clarify it a bit more. We're running MFG/PRO for different plants in South Africa on the one cluster. All the plants are split by plant codes and also have the /home directory split between different plants.

All the DB's also have their own mounts under the main DB directory , but all users are on added to access everything.
Basically what I want to do is create a menu script with all plants' db's , but when one user tries to connect to any db , except their own , they shouldn't be able to.

Can this be setup with group memberships on UNIX or what other others are there ?

Thanx
0 Kudos
Reply
Christian Gebhardt
Honored Contributor

тАО11-27-2003 07:55 PM

тАО11-27-2003 07:55 PM

Re: Mutiple DB's on one Cluster - Security problem

Hi
sorry for asking again, I don't know MFG/PRO.

How does the user connect to the server, is is a unix-like login or a login via an applikationserver.

What is the criterium to decide which user should connect to which database (name, userid, ip-adress, ...)

Chris
0 Kudos
Reply
Rudi Martin
Advisor

тАО11-27-2003 08:04 PM

тАО11-27-2003 08:04 PM

Re: Mutiple DB's on one Cluster - Security problem

Basically , this is one of the options for connecting to a server...

$MFGE/mfgpro90 $MFGLIVE/a325/mfg9-0a $MFGLIVE/a325/gui9-0a $MF
GE/hlp9-0a $MFGE/cfg9-0a $MFGLIVE/a325/epm9-0a $MFGE/kbn9-0a;;

Where the variables are :
MFGE=/mnt/mfg/product/mfg9-0a
MFGLIVE=/mnt/mfg/live
MFGTEST=/mnt/mfg/test

As you can see , the /a325 shows one of the different plant codes.

Any user can connect to MFG , that's why I want to block access some other way.

Thanx
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

тАО11-28-2003 05:33 AM

тАО11-28-2003 05:33 AM

Re: Mutiple DB's on one Cluster - Security problem


As Chris wrote, this problem can be solved at many different levels. Specifically, you could easily have unix user (groups) that set up context for just one of the many db's
if your are using 'OPC' authorization in the db. And you could create usernames in Oracle.

However, before you go invent a new wheel, please be sure to triplecheck MFG/PRO provide security recommendations. If it is a half-serious application vendor it will certainly have suggestions, maybe even hard rules. Heck, I would also expect some sort of menu drives, db selector. surely you are not alone in you usage.

btw... if you were to present me as a user a menu with several options, but only one option/db allowed then that would annoy me.
If there is but one place to go... then take me there and do not show me alternatives (or at least grey them out).

I realize this does not answer you immediat question, but i hope it helps a little anyway.

Cheers,
Hein.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.