This content has been marked as final. Show 3 replies
Hi - using the DATABASE ACCOUNT method, authentication will consist of checking that the username and password entered will give access to a database user account. That authenticates the user, ie it gets them in the front door, but once they're in, the application will still be running with the privileges of the database schema defined for the application.
The database privileges of the user which the user has used to authenticate will not have any bearing on how the application runs.
Thanx for your response,
I give you this scenario:
create my table "T" in database schemas called "leak".
create a user RABIA with connect and resource privilages.
access to leak shemas and grant select on table T to user RABIA.
Crate à form page in my application, and make authentification as ACCOUNT DATABASE.
when i run application and use RABIA user to authentificate, it works correctly.
when i try to add Rows to the table "T", logicaly, it woold show me an error because the user RABIA don't have INSERT and update privileges.
But the problem in my case, it accept rows and data is insered in table T.
Realyy, didn't undertand.
I guess what Andrew is saying is that the Schema which holds the workspace for your Application has all the necessary privs to insert/update/delete data.
That is what matters.