3 Replies Latest reply on Jan 9, 2012 10:32 PM by 69389

    DATABASE ACCOUNT Authentication Scheme and privileges


      I am using APEX4 and I have got the following problem :

      i created an application with Authentication Scheme is DATABASE ACCOUNT, because i want to use DATABASE privilèges attributed to users.

      authentification works correctly with database authentification, but privileges not works,

      I created one user with 'Grant select' priviliges on all DATABASE OBJECTS, i fiund that this user can insert and update data !!!!

      I didn't understand what happens.

      Did APEX take in charge DATABASE privileges ????

        • 1. Re: DATABASE ACCOUNT Authentication Scheme and privileges
          Hi - using the DATABASE ACCOUNT method, authentication will consist of checking that the username and password entered will give access to a database user account. That authenticates the user, ie it gets them in the front door, but once they're in, the application will still be running with the privileges of the database schema defined for the application.

          The database privileges of the user which the user has used to authenticate will not have any bearing on how the application runs.

          • 2. Re: DATABASE ACCOUNT Authentication Scheme and privileges
            Thanx for your response,

            I give you this scenario:

            create my table "T" in database schemas called "leak".
            create a user RABIA with connect and resource privilages.
            access to leak shemas and grant select on table T to user RABIA.

            Crate à form page in my application, and make authentification as ACCOUNT DATABASE.

            when i run application and use RABIA user to authentificate, it works correctly.

            when i try to add Rows to the table "T", logicaly, it woold show me an error because the user RABIA don't have INSERT and update privileges.

            But the problem in my case, it accept rows and data is insered in table T.

            Realyy, didn't undertand.


            • 3. Re: DATABASE ACCOUNT Authentication Scheme and privileges
              I guess what Andrew is saying is that the Schema which holds the workspace for your Application has all the necessary privs to insert/update/delete data.
              That is what matters.