
Multiple DBs on one Cluster - Security problem

Rudi Martin
Advisor

Hi there

We have multiple DBs on one Cluster serving the whole of South Africa. Users from all over connect to their own DBs, but it leaves it open to access the other DBs as well. Instead of setting up hundreds of menus only allowing certain access, is there any way to block a specific userid from accessing anything besides their DB?

Thank you
6 REPLIES
Michael Schulte zur Sur
Honored Contributor

Re: Multiple DBs on one Cluster - Security problem

Hi,

No user should be a member of the Oracle dba group and then use different users in different DBs. Can you specify how users can access other DBs?

greetings,

Michael
Christian Gebhardt
Honored Contributor

Re: Multiple DBs on one Cluster - Security problem

I don't exactly understand your problem:

You have multiple DBs on one Cluster.

Do you have the same users in each database with the same passwords?

Does the user connect via:
- sqlnet
- telnet, rlogin, ssh, ...
- application server
- ...

Should the user be blocked:
- on the server --> firewall
- on the database --> maybe logon trigger
- in the application --> new application code

Please give us more information.

Chris
Rudi Martin
Advisor

Re: Multiple DBs on one Cluster - Security problem

Hi there.

OK, let me clarify it a bit more. We're running MFG/PRO for different plants in South Africa on the one cluster. All the plants are split by plant codes and also have the /home directory split between different plants.

All the DBs also have their own mounts under the main DB directory, but all users are added to access everything.
Basically what I want to do is create a menu script with all plants' DBs, but when one user tries to connect to any DB except their own, they shouldn't be able to.

Can this be set up with group memberships on UNIX, or what other options are there?

Thanx
Christian Gebhardt
Honored Contributor

Re: Multiple DBs on one Cluster - Security problem

Hi,
sorry for asking again, I don't know MFG/PRO.

How does the user connect to the server: is it a Unix-like login or a login via an application server?

What is the criterion to decide which user should connect to which database (name, userid, IP address, ...)?

Chris
Rudi Martin
Advisor

Re: Multiple DBs on one Cluster - Security problem

Basically, this is one of the options for connecting to a server...

$MFGE/mfgpro90 $MFGLIVE/a325/mfg9-0a $MFGLIVE/a325/gui9-0a $MFGE/hlp9-0a $MFGE/cfg9-0a $MFGLIVE/a325/epm9-0a $MFGE/kbn9-0a;;

Where the variables are:
MFGE=/mnt/mfg/product/mfg9-0a
MFGLIVE=/mnt/mfg/live
MFGTEST=/mnt/mfg/test

As you can see, the /a325 shows one of the different plant codes.

Any user can connect to MFG, that's why I want to block access some other way.

Thanx
Hein van den Heuvel
Honored Contributor

Re: Multiple DBs on one Cluster - Security problem


As Chris wrote, this problem can be solved at many different levels. Specifically, you could easily have unix user (groups) that set up context for just one of the many DBs if you are using 'OPC' authorization in the DB. And you could create usernames in Oracle.

However, before you go invent a new wheel, please be sure to triple-check whether MFG/PRO provides security recommendations. If it is a half-serious application vendor it will certainly have suggestions, maybe even hard rules. Heck, I would also expect some sort of menu-driven DB selector. Surely you are not alone in your usage.

btw... if you were to present me as a user a menu with several options, but only one option/DB allowed, then that would annoy me.
If there is but one place to go... then take me there and do not show me alternatives (or at least grey them out).

I realize this does not answer your immediate question, but I hope it helps a little anyway.

Cheers,
Hein.
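
A sketch of the Unix-group approach discussed in the thread, as an added example that is not code from any poster or from the MFG/PRO vendor. It assumes a hypothetical naming convention of one group per plant (`plant_<code>`, e.g. `plant_a325`) and that each `$MFGLIVE/<code>` directory is restricted to that group; the function names are also hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: each plant directory is set up once with
#   chgrp plant_a325 $MFGLIVE/a325 && chmod 2750 $MFGLIVE/a325
# so the filesystem denies other plants even if the menu is bypassed.
MFGLIVE=${MFGLIVE:-/mnt/mfg/live}

# plants_for_groups "<space-separated group names>"
# Prints one plant code per matching plant_<code> group.
plants_for_groups() {
    for g in $1; do
        case $g in
            plant_?*)
                code=${g#plant_}
                case $code in
                    *[!A-Za-z0-9]*) ;;            # not a plain code (e.g. ../x): skip
                    *) printf '%s\n' "$code" ;;
                esac ;;
        esac
    done
}

# select_plant "<group list>" [requested-code]
# Prints the plant to open and returns 0; returns 1 when the request is not
# covered by the caller's groups, or when no single default exists.
select_plant() {
    allowed=$(plants_for_groups "$1")
    [ -n "$allowed" ] || { echo "no plant assigned" >&2; return 1; }
    if [ -n "$2" ]; then
        printf '%s\n' "$allowed" | grep -qxF -- "$2" ||
            { echo "denied: $2" >&2; return 1; }
        printf '%s\n' "$2"
    elif [ $(printf '%s\n' "$allowed" | wc -l) -eq 1 ]; then
        printf '%s\n' "$allowed"                  # one plant only: go straight there
    else
        echo "choose one of:" $allowed >&2; return 1
    fi
}

# In the menu script (paths as posted in the thread):
#   plant=$(select_plant "$(id -Gn)" "$choice") || exit 1
#   [ -r "$MFGLIVE/$plant" ] || exit 1
#   exec $MFGE/mfgpro90 $MFGLIVE/$plant/mfg9-0a ...
```
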