Hi!

Can I use with this application the database permissions, like row level securities, object privileges?

We set up all of the permissions in the Oracle Database (no application level): all users named in the database. So, we use the "authid current_user" packages.

This framework can works thus?

Thanks,

Tibor

asked 24 Aug '11, 04:42

Tibor's gravatar image

Tibor
111
accept rate: 0%


Hi Tibor,

Unfortunately, this is not possible in the current release of Formspider.

link

answered 24 Aug '11, 05:25

Yalim%20K.%20Gerger's gravatar image

Yalim K. Gerger ♦♦
1914
accept rate: 20%

Hi Yalim,

I'm so sad about it, because it is so important for us. Our users use the Database with different client (like native SQL, ODBC, web client etc.) with one security system. It is very important for us.

It will be possible in the future? Can you feedback me about it?

thanks

Tibor

(24 Aug '11, 06:47) Tibor

Tibor,

Please see my answer below.

(25 Aug '11, 12:08) Yalim K. Gerger ♦♦

Tibor,

If there are API's to query your security repository, it is possible to integrate it with Formspider. I think we have to look more closely at how you implemented your security and think of way to integrate it into Formspider applications.

link

answered 25 Aug '11, 12:07

Yalim%20K.%20Gerger's gravatar image

Yalim K. Gerger ♦♦
1914
accept rate: 20%

Yalim, Our security is so complex and it is works perfectly and based on the Database features. We haven't got our repository but we can read the repository. for example: SELECT * from DBA_POLICIES; / (you can see here, what package and function grantee the row level securities) / SELECT * from sys.table_privileges; we have some views what contains condition: select ... from fact_table a, priv_table b where ... and a.xx_column = b.xx_column and b.user_code = user

our securities based on roles and user privileges. Now we use "authid current_user" packages and parse the Ora error codes

(25 Aug '11, 23:54) Tibor

Yalim,

... And we use the database "fined grained audit" too. you can see that here:

http://www.oracle-base.com/articles/10g/DatabaseSecurityEnhancements10g.php#fga

so we have to log into the database by the real user and we have to run the select by the real user, no technical user.

(26 Aug '11, 05:22) Tibor

Tibor, We had a meeting about this issue today. We are optimistic that we can solve this problem. Here is what we need from you. Could you please build a very simple form that demonstrates how you implement security with one or two examples. In order to make it all work here locally, we will need the form fmb and the DDL's to set up the test users, grants etc...We understand what you with your security, but we want to test with the exact scenario. Could you please provide a form and the necessary DDL's to replicate a test case here locally?

(26 Aug '11, 12:16) Yalim K. Gerger ♦♦

Sorry, I didn't see that in the last two days. I'll write examples today or tomorrow.

(28 Aug '11, 23:13) Tibor

Yalim,

could you give me your e-mail address? The character numbers not enough here for my script.

(31 Aug '11, 04:36) Tibor

yalim.gerger at gerger.co

(01 Sep '11, 09:31) Yalim K. Gerger ♦♦
showing 5 of 6 show 1 more comments

Hi Tibor,

My email is yalim.gerger at gerger.co

link

answered 03 Sep '11, 03:22

Yalim%20Gerger's gravatar image

Yalim Gerger ♦♦
1.8k5
accept rate: 15%

Hi Yalim

I’m also using database login, grants, roles, and session to control security in my application. Therefore I’m wondering if this issue has been solved or is going to be supported in the near future.

Regards

Arnar Dagsson

link

answered 01 May '13, 05:43

ArnarDagsson's gravatar image

ArnarDagsson
115
accept rate: 0%

Hi Arnar,

No. As far as I remember Tibor never sent me the email I was waiting from him.

A setup as described in this thread is technically possible but this is not what Formspider uses out of the box.

In Formspider there is a pool of database sessions (like 10 or 20 DB sessions) which are shared between users that are accessing application built with Formspider. So each DB session may serve multiple users.

In the setup described in this thread, each user connects with its own database user which essentially is a DB session and this DB session cannot be shared between different users.

Technically Formspider can be setup running this way. This is rather an old way building applications. Pooling of sessions make better use of resources. So we don't intend to support the architecture specified in this thread unless a professional support customer specifically asks for it.

link

answered 02 May '13, 04:19

Yalim%20Gerger's gravatar image

Yalim Gerger ♦♦
1.8k5
accept rate: 15%

Unless I'm reading this requirement wrong, some of what is required here will work just fine with FS, specifically row-level security.

RLS (and CLS) in Oracle is implemented as VPD's and VPD's apply to the database regardless of what client is used to access the data (unless of course you are accessing the data as SYS where VPD's are ignored).

The only part of using a VPD that might require some additional thought for the developer is as it relates to "context" and how best to set it via FS.

I agree with Yalim on connection pooling, it is the modern way to build multi-tier/multi-user enterprise applications and it promotes improved scalability.

Regards,

Craig.

link

answered 02 May '13, 05:28

Craig's gravatar image

Craig
1.1k139
accept rate: 6%

Hi

I also agree with Yalim when he says that this is an old way of building application. But one of the reason why I´m looking at Formspider is to replace the GUI of an older FORMS application with something less cost effective and with some future aspect.

All the business logic of this application is written in Pl/Sql and I don’t want to worry about that aspect right now in in that code there are a lot of use of the local Oracle variable “user” both to keep track on revision and history, as controlling user rights both on Forms objects as menus and forms as on database objects. In the future it would be preferable to use techniques as “sys_context” or similar but right now I don’t want to worry about the business logic, I’m only after changing the interface.

Regards

Arnar Dagsson

link

answered 02 May '13, 10:57

ArnarDagsson's gravatar image

ArnarDagsson
115
accept rate: 0%

Hi Arnar,

I see your point. Please allow me to summarize and reiterate what needs to be done to support your requirement:

To support your requirement, we need to update Formspider so that it can assign one DB session to each user. This is possible to implement. I think Frank from Germany also asked a similar question here: http://osqa.theformspider.com/questions/1228/general-development-question

(02 May '13, 11:05) Yalim ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×1

Asked: 24 Aug '11, 04:42

Seen: 2,839 times

Last updated: 02 May '13, 11:05

Related questions


© Copyright Gerger 2017