user576726 wrote:The issue appears to be not so much with Toad, SQL*PLUS and other tools so much as absolutely forcing users to use your interface for proper processing. This should be possible through careful planning and assignment of schema privileges.
I have developed my tool using forms 10g. And this is being used by a lot of users having different oracle userid.
Obviously I have to give them access to database objects like select,insert, update, delete, execute etc.
If the user logs in using TOAD, he/she can tamper the data (because business logics are there in forms).
He/She may insert data in a table without using the sequence (suppose primary key is based on a sequence). Later when some ohter user inserts data using the forms, it may throw primary key error.
users (non skilled) may exucute a query or statement that may cause locks to some important database objects. That may degrade the performance.
he/she may create unnecessary database object in the database.
I don't want them to access database using any ohter connectivity like jdbc etc and many more......
ajallen wrote:I like that better than my answer - if it works as expected :)
Here is what I would do.
1. Create a default role for the users. Grant it minimum privileges, like select on certain tables.
2. Revoke table privileges from the users.
3. Grant that default role to the users. That way they can do reports and ad hoc queires all they like.
4. Create a password protected role for the application to use when doing CRUD.
5. Modify the application so that on connect it grants that role to the user's session.