Disabling SQL*Plus, SQL, and PL/SQL Commands
Numeric_Value |
SQL*Plus ignores this column. It is recommended that you |
|
enter NULL in this column. Other products may store |
|
numeric values in this column. |
Char_Value |
Must contain the character string “DISABLED” to disable a |
|
SQL, SQL*Plus, or PL/SQL command. If you are disabling a |
|
role, it must contain the name of the role you wish to disable. |
|
You cannot use a wildcard. |
Date_Value |
SQL*Plus ignores this column. It is recommended that you |
|
enter NULL in this column. Other products may store DATE |
|
values in this column. |
Long_Value |
SQL*Plus ignores this column. It is recommended that you |
|
enter NULL in this column. Other products may store LONG |
|
values in this column. |
PUP Table Administration
The DBA username SYSTEM owns and has all privileges on the PUP table. Other Oracle usernames should have only SELECT access to this table, which allows a view of restrictions of that username and those restrictions assigned to PUBLIC. The command file PUPBLD.SQL, when run, grants SELECT access on the PUP table to PUBLIC.
Disabling SQL*Plus, SQL, and PL/SQL Commands
To disable a SQL or SQL*Plus command for a given user, insert a row containing the user’s username in the Userid column, the command name in the Attribute column, and DISABLED in the Char_Value column.
The Scope, Numeric_Value, and Date_Value columns should contain NULL. For example:
PRODUCT |
USERID |
ATTRIBUTE |
SCOPE |
NUMBERIC |
CHAR |
DATE |
|
|
|
|
VALUE |
VALUE |
VALUE |
------- |
------ |
--------- |
----- |
-------- |
------ |
----- |
SQL*Plus |
HR |
HOST |
|
|
DISABLED |
|
SQL*Plus |
% |
INSERT |
|
|
DISABLED |
|
SQL*Plus |
% |
UPDATE |
|
|
DISABLED |
|
SQL*Plus |
% |
DELETE |
|
|
DISABLED |
|
To re-enable commands, delete the row containing the restriction.
B-4 iSQL*Plus User’s Guide and Reference
Disabling SQL*Plus, SQL, and PL/SQL Commands
You can disable the following SQL*Plus commands:
COPY |
SET (see note below) |
EXECUTE |
START |
RUN |
|
Note: Disabling the SQL*Plus SET command will also disable the SQL SET ROLE and SET TRANSACTION commands. Disabling the SQL*Plus START command will also disable the SQL*Plus @ and @@ commands.
You can also disable the following SQL commands:
ALTER |
LOCK |
ANALYZE |
NOAUDIT |
AUDIT |
RENAME |
CONNECT |
REVOKE |
CREATE |
SELECT |
DELETE |
SET ROLE |
DROP |
SET TRANSACTION |
GRANT |
TRUNCATE |
INSERT |
UPDATE |
You can also disable the following PL/SQL commands:
BEGIN |
DECLARE |
Note: Disabling BEGIN and DECLARE does not prevent the use of the SQL*Plus EXECUTE command. EXECUTE must be disabled separately.
Security B-5