Can a single Oracle user be bound by a given TNS? Just like: sqlplus scott/tiger@ONLYSCOTTALLOWED.
No other users used this ONLYSCOTTALLOWED db connection.
If it is possible, then please give me a solution. I am developing Web applications in PHP and want to access the only authorized Oracle single user. (This single user should have only select privileges on other users' tables.)
There are lot of Oracle users that could use this connection. So this couldn't be solved through grants or roles.
There is no permissions structure built into the TNS layer. Besides, one should not mistake obsecurity with security. By hiding the TNS connect descriptor, you may have made it more difficult for a user to connect to the database, but you have not prohibited them from doing so.
Security should be built in each layer starting with the layer closest to the data. In the case of Oracle, you should start with database security. If you have a single user that needs some special access, they should be issued their own database account with special privileges. If your client systems have static IP addresses, you may wish to consider using the sqlnet.ora parameters TCP.VALIDNODE_CHECKING, TCP.INVITED_NODES, and TCP.EXCLUDED_NODES to control which clients are allowed to connect to your listener.
The only solution to preserve security in your case is by using appropriate database grants or roles. Anything else will not sufficiently protect your data. Generally speaking, it is bad practice to share database accounts between multiple users. You've paid for a product that includes considerable security measures, but you have to use them to protect yourself!
Dig Deeper on Oracle database security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.