0 Replies Latest reply: Dec 19, 2012 11:28 AM by jeff81 RSS

    How to restrict grant connect through with Data Vault

    jeff81
      I need to restrict the ability to grant proxy privileges in the database. This is the statement: alter user USER_A grant connect through USER_B;

      I tried creating this rule that looks at the sql text for %CONNECT THROUGH% in the statement and then added it to the "Can Maintain Own Account" Rule Set which is attached to the Alter System command but it doesn't appear to be working. How can I get this working? Is my rule that I created correct. Ultimately what I want to do is allow proxies to be created for most users but just restrict only certain special users.
      BEGIN
      dbms_macadm.delete_rule(rule_name => 'NO_PROXY_PRIVILEGES');
      DBMS_MACADM.CREATE_RULE(rule_name => 'NO_PROXY_PRIVILEGES',
      rule_expr => 'INSTR(UPPER(DVSYS.DV_SQL_TEXT),''%CONNECT THROUGH%'') = 0');
      END;
      I am running Oracle 11.2.0.2 Enterprise on Windows Server 2008R2
      Thank you.