Linker IT Software
Google
Web www.oraxcel.com
menubar-top-links menubar-top-rechts
Home Help Search Login
Welcome, Guest. Please Login.
SQL*XL: Database to Excel bridge litLIB: Excel power functions pack ExcelLock: Locking and securing your valuable Excel spreadsheets encOffice: Protect your Excel file easy and safe encOffice: Protect your Excel file easy and safe
Pages: 1
SQL*XL security (Read 1835 times)
Gerrit-Jan Linker
YaBB Administrator
*****




Posts: 75
SQL*XL security
03.12.08 at 21:35:32
 
SQL*XL security
 
I am currently evaluating the above tool but would like to ask a few questions on security.
 
Quote:
a) How is the security ?

Can user access the tables through their application roles ?

When we compare it to the microsoft query, to extract the oracle database, user could not run as they do not have any select tables rights. They are only given role rights and the role rights are not set except in the forms and reports.

 
The security is done through privileges on the database objects as configured in the database. The software does not maintain a connection 'under water' to get extra privileges.  
 
If you configure the database user to only have access to particular tables this will work fine in our software.  
 
Best thing is to try it yourself just revoke the access to a particular table and verify that you cannot query it anymore.  
 
Quote:
b) The product also states that it can update back to the database .

These feature is good but also dangerous. How can we ensure that the correct rights is given and the source of update is handled.

 
For updating you can do the same. Revoke update privileges and you will see that our software can no longer apply the updates.  
 
Finally, a security toolkit is available with which you can take away features from the product. You can remove menu items and toolbar buttons from SQL*XL so the user cannot start particular screens anymore. You can also limit things at the SQL level. You can e.g. only allow select statements to be executed.
 
 
I would appreciate it if you could reply me. Thank you.  
 
Back to top
 
 

Gerrit-Jan Linker
Linker IT Software
Email WWW Gerrit-Jan Linker   IP Logged
Pages: 1