Notes and Recommendations

Notes:

  • Please note that Method 1 can currently be used for the Oracle database platform only. Support for other platforms can be added upon request.
  • The methods work for both the Valuemation web client and the rich client.
  • For a double dose of security, Method 1 and Method 2 can be combined.
  • The tools and auxiliary files used to implement the methods can be found in the /tools/dbauthorization subdirectory within the Valuemation installation root directory.

Recommendations:

  • For security reasons it is recommended to re-generate the 'AMT_Info' table periodically (e.g. once a week).
  • After implementing Method 1, verify that the 'Init User' really gets its database rights dynamically from the database role, i.e. that the user itself has not accidentally been granted full rights.

    Try the following:

    • Make sure all catalogs and BOViews are closed.
    • Log on to a database tool as the Valuemation database schema owner.
    • Revoke rights on a database table (e.g. AMA_System) from the database authorization role.

      Run the following SQL statement (substitute 'FAR' with the name of your full access role).

      revoke SELECT, INSERT, UPDATE, DELETE on AMA_SYSTEM from FAR;

    • Try to open a catalog based on the affected database table (e.g. Systems).

      The catalog should open without any data and you should get an exception (both on the screen and in the log).

    • Give the revoked rights back to the authorization role.

      Run the following SQL statement (substitute 'FAR' with the name of your full access role).

      grant SELECT, INSERT, UPDATE, DELETE on AMA_SYSTEM to FAR;

    • Try to open the catalog again.

      It should be possible to see all catalog data without any exception.
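
    The revoke/grant test above probes one table. As a complementary check (an added example, not part of the Valuemation tools), the Oracle data dictionary can be queried for every way the 'Init User' could hold rights outside the role. INIT_USER and VM_OWNER are hypothetical placeholders for the Init User and the schema owner, FAR is the full access role as above, and the session is assumed to have read access to the DBA_* views.

```sql
-- Added example. INIT_USER and VM_OWNER are placeholder names (assumptions);
-- substitute your own. Dictionary stores unquoted names in upper case.

-- 1. Object privileges granted directly to the Init User, or to PUBLIC,
--    on objects of the Valuemation schema. Any row here is a right that
--    does not come from the role. Expected result: no rows.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'VM_OWNER'
   AND grantee IN ('INIT_USER', 'PUBLIC')
 ORDER BY grantee, table_name, privilege;

-- 2. System privileges that bypass object grants altogether
--    (SELECT ANY TABLE, INSERT ANY TABLE, UPDATE ANY TABLE, ...).
--    Expected result: no rows.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'INIT_USER'
   AND privilege LIKE '%ANY TABLE';

-- 3. Roles held by the Init User. Review every role other than FAR,
--    since any of them may carry table rights of its own.
--    DEFAULT_ROLE = 'YES' means the role is already enabled at logon;
--    whether that is acceptable depends on how Method 1 is meant to
--    enable the role (not stated here, so treat it as a point to review).
SELECT grantee, granted_role, default_role, admin_option
  FROM dba_role_privs
 WHERE grantee = 'INIT_USER'
 ORDER BY granted_role;

-- 4. What the role itself grants on the schema, to confirm FAR holds
--    the rights the revoke/grant test relies on (e.g. on AMA_SYSTEM).
SELECT table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'FAR'
   AND owner = 'VM_OWNER'
 ORDER BY table_name, privilege;
```

    Rows from query 1 or 2 mean the revoke test can pass for AMA_SYSTEM while the user still has direct access to other tables.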

See Also

M1: Rights Provided Via Encrypted Database Role

S1: Create a database role with a full set of rights

S2: Create a database user generating the authorization data

S3: Create a database user with limited set of rights

S4: Generate the authorization data