3 Replies Latest reply: Jan 9, 2012 4:32 PM by 69389 RSS

    DATABASE ACCOUNT Authentication Scheme and privileges

    ouadah
      Hello,

      I am using APEX4 and I have got the following problem :

      i created an application with Authentication Scheme is DATABASE ACCOUNT, because i want to use DATABASE privilèges attributed to users.

      authentification works correctly with database authentification, but privileges not works,

      I created one user with 'Grant select' priviliges on all DATABASE OBJECTS, i fiund that this user can insert and update data !!!!

      I didn't understand what happens.

      Did APEX take in charge DATABASE privileges ????

      Thanx.
        • 1. Re: DATABASE ACCOUNT Authentication Scheme and privileges
          267677
          Hi - using the DATABASE ACCOUNT method, authentication will consist of checking that the username and password entered will give access to a database user account. That authenticates the user, ie it gets them in the front door, but once they're in, the application will still be running with the privileges of the database schema defined for the application.

          The database privileges of the user which the user has used to authenticate will not have any bearing on how the application runs.

          regards
          Andrew
          • 2. Re: DATABASE ACCOUNT Authentication Scheme and privileges
            ouadah
            Thanx for your response,

            I give you this scenario:

            create my table "T" in database schemas called "leak".
            create a user RABIA with connect and resource privilages.
            access to leak shemas and grant select on table T to user RABIA.

            Crate à form page in my application, and make authentification as ACCOUNT DATABASE.

            when i run application and use RABIA user to authentificate, it works correctly.

            when i try to add Rows to the table "T", logicaly, it woold show me an error because the user RABIA don't have INSERT and update privileges.

            But the problem in my case, it accept rows and data is insered in table T.


            Realyy, didn't undertand.

            Regards,

            ouadah.
            • 3. Re: DATABASE ACCOUNT Authentication Scheme and privileges
              69389
              I guess what Andrew is saying is that the Schema which holds the workspace for your Application has all the necessary privs to insert/update/delete data.
              That is what matters.

              Dhiren