Securing plsql developer

[Raj]

Is there a way to deploy plsql developer in a read-only mode by database/instance name? We don't want to change user privs but see if we can restrict update,delete,truncate or executing procedures etc using the tool.

Version 7.0.3

TIA
Raj

 

[Marco Kalter]

You can use the Authorization functionality for this, which allows you to grant PL/SQL Developer functions to roles and users. See chapter 25 in the User's Guide for detailed information.

 

[Raj]

Thanks Marco,

I implemented that, but I'd like to take it a step further. A complete read-only deployment. So, a user may log in, but can not do update/delete/truncate etc from within pl/sql developer even if those privs are available through roles etc.

is this possible?

 

[Marco Kalter]

The standard procedure for this is to use non-default roles, so that a user cannot insert/update/delete with any tools, except for authorized applications that enable these non-default roles. These roles are password protected.

 

[Raj]

Thanks,

I understand standard procedure, but I am trying to retrofit an app that has been evolving since 93.

Any other ideas?
Raj

 

[Marco Kalter]

I have no other ideas.

 

[Raj]

Thanks Marco, you have been very helpful, I am just picking your brain ...

can pl/sql developer be deployed with an authorization string that makes it read-only?

I think TOAD had that option at one time, I have long since stopped using TOAD, so don't know.

Raj

 

[Marco Kalter]

There are no authorization strings for this. The authorization is defined at the database level. This is the only way to secure things, and it may of course differ from database to database, and from user to user.