- •Contents
- •Send Us Your Comments
- •Preface
- •1 Introduction to iSQL*Plus
- •What is iSQL*Plus?
- •iSQL*Plus Architecture
- •iSQL*Plus User Interface
- •Oracle HTTP Server
- •Oracle9i
- •2 Configuring iSQL*Plus
- •System Requirements
- •Web Browser (client tier)
- •Oracle HTTP Server (middle tier)
- •Oracle9i (database tier)
- •Installation
- •Configuring the Client Tier
- •Adding MIME Types
- •Adding Proxy Server Exceptions
- •Configuring the Middle Tier
- •Configuring the iSQL*Plus Server
- •Defining a Connection Identifier
- •Setting the iSQL*Plus Session TimeOut
- •Changing the Default Cascading Style Sheet
- •Enabling or Disabling iSQL*Plus
- •Configuring the Oracle HTTP Server
- •Testing the Oracle HTTP Server Configuration File
- •Starting and Stopping the Oracle HTTP Server
- •Configuring the Database Tier
- •iSQL*Plus Security
- •Using Administration Privileges
- •Enabling User Security
- •Adding Entries to an Oracle HTTP Server Authentication File
- •Logging In Using Oracle HTTP Server Authentication
- •Security Usage Notes
- •Configuring Globalization Support
- •Web Browser - client tier:
- •Oracle HTTP Server - middle tier:
- •Oracle9i - database tier:
- •3 The iSQL*Plus User Interface
- •The iSQL*Plus Log In Screen
- •Help Icon
- •Username:
- •Password:
- •Connection Identifier:
- •Privilege:
- •Clear
- •The iSQL*Plus Work Screen
- •Password Icon
- •Log Out Icon
- •Help Icon
- •Enter statements:
- •Script location:
- •Browse...
- •Load Script
- •Execute:
- •Output:
- •Clear Screen
- •Save Script
- •The Change Password Screen
- •Help Icon
- •Username:
- •Old password:
- •New password:
- •Retype new password:
- •Change Password
- •Clear
- •Cancel
- •4 Using iSQL*Plus
- •Running iSQL*Plus
- •Entering Statements
- •Loading Scripts
- •Entering Substitution Variables
- •The Define Substitution Variables Screen
- •Password Icon
- •Log Out Icon
- •Help Icon
- •Define Substitution Variables
- •Submit for Execution
- •Cancel
- •Creating Dynamic Reports
- •Using SET and COLUMN Commands
- •Getting Help
- •Exiting iSQL*Plus
- •5 Command Reference
- •SQL*Plus Command Summary
- •@ (“at” sign)
- •@@ (double “at” sign)
- •/ (slash)
- •ARCHIVE LOG
- •ATTRIBUTE
- •BREAK
- •BTITLE
- •CLEAR
- •COLUMN
- •COMPUTE
- •CONNECT
- •COPY
- •DEFINE
- •DESCRIBE
- •DISCONNECT
- •EXECUTE
- •HELP
- •LIST
- •PROMPT
- •RECOVER
- •REMARK
- •REPFOOTER
- •REPHEADER
- •SHOW
- •SHUTDOWN
- •START
- •STARTUP
- •TIMING
- •TTITLE
- •UNDEFINE
- •VARIABLE
- •WHENEVER OSERROR
- •WHENEVER SQLERROR
- •SQL*Plus Error Messages and Codes
- •iSQL*Plus Error Messages
- •COPY Command Messages
- •PRODUCT_USER_PROFILE Table
- •Creating the PUP Table
- •PUP Table Structure
- •Description and Use of PUP Columns
- •PUP Table Administration
- •Disabling SQL*Plus, SQL, and PL/SQL Commands
- •Creating and Controlling Roles
- •Disabling SET ROLE
- •Disabling User Roles
- •Glossary
- •Index
PRODUCT_USER_PROFILE Table
PRODUCT_USER_PROFILE Table
Various Oracle products use the PRODUCT_USER_PROFILE (PUP) table, a table in the SYSTEM account, to provide product-level security that supplements the user-level security provided by the SQL GRANT and REVOKE commands and user roles.
DBAs can use the PUP table to disable certain SQL and SQL*Plus commands in the SQL*Plus environment on a per-user basis. SQL*Plus—not Oracle—enforces this security. DBAs can even restrict access to the GRANT, REVOKE, and SET ROLE commands to control users’ ability to change their database privileges.
SQL*Plus reads restrictions from the PUP table when a user logs in to SQL*Plus and maintains those restrictions for the duration of the session. Changes to the PUP table will only take effect the next time the affected users log in to SQL*Plus.
When SYSTEM, SYS, or a user authenticating with AS SYSDBA or AS SYSOPER privileges connects or logs in, SQL*Plus does not read the PUP table. Therefore, no restrictions apply to these users.
The PUP table applies only to the local database. If accessing objects on a remote database via a database link, the PUP table for the remote database does not apply. The remote database cannot extract the username and password from the database link in order to determine that user’s profile and privileges.
Creating the PUP Table
You can create the PUP table by running the command file named PUPBLD with the extension SQL as SYSTEM. The exact format of the file extension and the location of the file are system dependent. See the Oracle installation and user’s manual(s) provided for your operating system or your DBA for more information.
Note: If the table is created incorrectly, all users other than privileged users will see a warning when connecting to Oracle that the PUP table information is not loaded.
B-2 iSQL*Plus User’s Guide and Reference
PRODUCT_USER_PROFILE Table
PUP Table Structure
The PUP table has the following columns:
PRODUCT |
NOT NULL CHAR (30) |
USERID |
CHAR(30) |
ATTRIBUTE |
CHAR(240) |
SCOPE |
CHAR(240) |
NUMERIC_VALUE |
NUMBER(15,2) |
CHAR_VALUE |
CHAR(240) |
DATE_VALUE |
DATE |
LONG_VALUE |
LONG |
Description and Use of PUP Columns
Refer to the following list for the descriptions and use of each column in the PUP table:
Product |
Must contain the product name (in this case "SQL*PLUS"). |
|
You cannot enter wildcards or NULL in this column. |
Userid |
Must contain the username (in uppercase) of the user for |
|
whom you wish to disable the command. To disable the |
|
command for more than one user, use SQL wild cards (%) or |
|
make multiple entries. Thus, all of the following entries are |
|
valid: |
■
■
■
HR
CLASS1
CLASS% (all users whose names start with CLASS)
|
■ % (all users) |
Attribute |
Must contain the name (in uppercase) of the SQL, SQL*Plus, |
|
or PL/SQL command to disable (for example, RUN). If you |
|
are disabling a role, it must contain the character string |
|
“ROLES”. You cannot enter a wildcard. See the section "PUP |
|
Table Administration" later in this chapter for a list of SQL |
|
and SQL*Plus commands you can disable. |
Scope |
SQL*Plus ignores this column. It is recommended that you |
|
enter NULL in this column. Other products may store specific |
|
file restrictions or other data in this column. |
Security B-3