m_err_txt := SQLERRM;
app_sec_pkg.p_log_error( m_err_no, m_err_txt,
' p_create_template_class' );
END p_create_template_class;
To make this button work, there are requirements. The owner of the appsec_admin_pkg package, that
is, the appsec user, must be able to create Java classes. For that, we have to grant the CREATE PROCEDURE
system privilege to appsec. She must also be able to select from the data dictionary view,
sys.all_java_classes, to see what classes already exist. We do this as the SYS user on the apver instance:
GRANT CREATE PROCEDURE TO appsec;
GRANT SELECT ON sys.all_java_classes TO APPSEC;
Tables of Specific Application Administrators and Application to Class Registry
At some point we are going to want to delegate administration of certain applications to one person, and
other applications to another person—and we will not want them to have access to administer each
other's applications. That eventual goal, which we will accomplish later in this chapter, is the reason that
we are going to build the appsec.t_application_admins table. The definition of t_application_admins is
given in Listing 12-46. It is simply a list of OS user names that are allowed to manage specific application
inner class names. It is the lists of Oracle connection strings represented by those application inner
classes that we are intending to protect.
Note: These tables are only needed on the apver instance.
Listing 12-46. Application Administrators Table
CREATE TABLE appsec.t_application_admins
(
-- match appsec.t_app_conn_registry.class_name
class_name VARCHAR2(2000) NOT NULL,
-- match hr.emp_mobile_nos.user_id
user_id VARCHAR2(20) NOT NULL
);
/
CREATE UNIQUE INDEX application_admins_pk ON appsec.t_application_admins
( class_name, user_id );
ALTER TABLE appsec.t_application_admins ADD (
CONSTRAINT application_admins_pk
PRIMARY KEY
( class_name, user_id )
USING INDEX application_admins_pk
);
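How the table in Listing 12-46 supports delegation, shown as an added example that is not code from the book. It assumes the table and its primary key already exist; the class names, OS user names and the function f_is_app_admin_demo are hypothetical.

```sql
-- Constructed sample data: two OS users, each delegated one application
-- inner class (hypothetical class names and user IDs).
INSERT INTO appsec.t_application_admins ( class_name, user_id )
    VALUES ( 'example.hr.Login$AppInner', 'OSUSER1' );
INSERT INTO appsec.t_application_admins ( class_name, user_id )
    VALUES ( 'example.sales.Login$AppInner', 'OSUSER2' );
COMMIT;

-- Hypothetical helper: answers 'Y' only when the given OS user is listed
-- as an administrator of the given application inner class.
CREATE OR REPLACE FUNCTION appsec.f_is_app_admin_demo(
    m_class_name VARCHAR2,
    m_user_id    VARCHAR2 )
RETURN VARCHAR2
AS
    m_count PLS_INTEGER;
BEGIN
    -- Exact match on both primary key columns using the function
    -- parameters as bind values: no LIKE, no dynamic SQL, so a caller
    -- cannot widen the match with wildcards or injected text.
    SELECT COUNT(*) INTO m_count
    FROM appsec.t_application_admins
    WHERE class_name = m_class_name
    AND user_id = m_user_id;
    -- Anything other than exactly one matching row is treated as
    -- "not an administrator" (deny by default).
    RETURN CASE WHEN m_count = 1 THEN 'Y' ELSE 'N' END;
END f_is_app_admin_demo;
/

-- Check delegation in both directions: each user against the class that
-- was delegated to them and against the other user's class.
SELECT user_id,
       appsec.f_is_app_admin_demo( 'example.hr.Login$AppInner', user_id )
           AS hr_admin,
       appsec.f_is_app_admin_demo( 'example.sales.Login$AppInner', user_id )
           AS sales_admin
FROM ( SELECT DISTINCT user_id FROM appsec.t_application_admins )
ORDER BY user_id;

-- Remove the constructed rows and the demo function afterwards.
DELETE FROM appsec.t_application_admins
WHERE class_name LIKE 'example.%';
COMMIT;
DROP FUNCTION appsec.f_is_app_admin_demo;
```

The comparison on user_id is case-sensitive, so store OS user names in one canonical case and normalize the caller's name the same way before checking.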
 