Title: Feature request - Oracle proxy authentication connections Post by: David H. on January 20, 2016, 10:47:00 am Hi all,
I have a feature request for Oracle ODI and proxy authentication connections. From what I can tell these are not supported by the CONNECT TO command currently, so I was wondering how feasible it would be to build support into Genero for this feature? The background for this is that currently we use an app_owner account to simulate an Informix database. Users connect as individual Oracle internal users and we ALTER TABLE SET CURRENT_SCHEMA to the app_owner user. It works great but users need ANY * privileges, which causes security exemptions at some of our bigger customers. It has been suggested by various Oracle DBA’s that we should be using proxy authentication… http://docs.oracle.com/cd/E25054_01/network.1111/e16543/authentication.htm http://www.pythian.com/blog/the-power-of-the-oracle-database-proxy-authenticated-connections/ http://www.dba-oracle.com/t_proxy_connect_authentication.htm Apparently this was first added in Oracle 10gR2... == working as DBA SQL> CREATE USER app_owner IDENTIFIED BY vVukjkcCuIooCd1 DEFAULT TABLESPACE datadbs; User created. SQL> GRANT CONNECT, RESOURCE TO app_owner; Grant succeeded. SQL> ALTER USER app_owner QUOTA UNLIMITED ON datadbs; User altered. SQL> CREATE USER app_user IDENTIFIED BY J0K3MAWy6XiNOhZ DEFAULT TABLESPACE datadbs; User created. SQL> GRANT CONNECT TO app_owner; Grant succeeded. SQL> ALTER USER app_owner GRANT CONNECT THROUGH app_user; User altered. == working as app_owner SQL> CONNECT app_owner/vVukjkcCuIooCd1 SQL> CREATE TABLE app_tab_1 (id integer, dsc varchar2(30)); Table created. SQL> INSERT INTO app_tab_1 VALUES (1, 'A'); 1 row created. SQL> COMMIT; Commit complete. == connecting as app_user, working as app_owner SQL> CONNECT app_user[app_owner]/J0K3MAWy6XiNOhZ Connected. SQL> INSERT INTO app_tab_1 VALUES (2, 'B'); 1 row created. SQL> COMMIT; Commit complete. Kind regards, David Title: Re: Feature request - Oracle proxy authentication connections Post by: Bernard M. on January 21, 2016, 02:17:04 pm Hi David,
This has been registered as FGL-4215 ('Support Oracle proxy authentication') and it is being analyzed by the dev team. Communication will be made through the support case that has been created. Regards, Bernard |