Create Profile - Disable Commands |
Source |
-- must be run as SYSTEM
{$ORACLE_HOME}\sqlplus\admin\pupbld.sql |
Data Dictionary Objects |
product_profile
product_user_profile |
SQL*Plus commands that can be disabled |
COPY |
EXIT |
QUIT |
SPOOL |
DECLARE |
GET |
RUN |
START |
EDIT |
HOST |
SAVE |
|
EXECUTE |
PASSWORD |
SET |
|
|
SQL commands that can be disabled |
ALTER |
DELETE |
NOAUDIT |
SET ROLE |
ANALYZE |
DROP |
RENAME |
SET TRANSACTION |
AUDIT |
GRANT |
REVOKE |
TRUNCATE |
CONNECT |
INSERT |
SELECT |
UPDATE |
CREATE |
LOCK |
SET CONSTRAINTS |
|
|
To disable commands |
To disable a SQL or SQL*Plus command
for a given user, insert a row containing the user's username in the USERID column, the
command name in the ATTRIBUTE column, and DISABLED in the CHAR_VALUE column.
INSERT INTO product_user_profile
VALUES
(<product_name>, <schema_name>, <SQL Command>, NULL, NULL,
'DISABLED', NULL, NULL); |
INSERT INTO system.product_user_profile
(product, userid, attribute, scope,
numeric_value, char_value, date_value, long_value)
VALUES
('SQL*Plus', 'UWCLASS', 'SELECT', NULL, NULL, 'DISABLED', NULL, NULL);
COMMIT; |
To disable a role for all users |
When you enter "PUBLIC" or "%" for the USERID column, you disable the role for all users.
During login, these table rows are translated into the command
SET ROLE ALL EXCEPT ROLE1, ROLE2 |
INSERT INTO
system.product_user_profile
(product,userid, ...)
VALUES
('SQL*PLUS', PUBLIC, ...)
or
('SQL*PLUS', '%', ...)
COMMIT; |
Disable Host Command |
To prevent shelling out to the operating system |
INSERT INTO
system.product_user_profile
(product,userid,attribute,scope,numeric_value,char_value)
VALUES
('SQL*Plus', '%', 'HOST', NULL, NULL, 'DISABLED');
COMMIT; |
|
Drop Profile - Re-enable Commands |
To re-enable commands |
Delete the row containing the restriction. |
DELETE FROM product_user_profile WHERE userid = 'UWCLASS';
|
|