Skip to main content

Oracle

Installing Siebel Tools To Be Read-Only

Recently, we had a requirement to create an installation of Siebel Tools that would run against the server database and be READ_ONLY with no ability to change the user that had WRITE privileges. The users of this machine knew the password for SADMIN, and also had the ability to create a new user that had READ/WRITE privileges.

Was meeting this requirement possible? Yes!

Here are the steps:

  • Create in the Oracle database, an account READ_ONLY.
  • Create a new role SSE_READONLY that was a copy of SSE_ROLE but only had select privileges. Note, you have to be careful and make sure that SSE_READONLY had access to ALL the tables that SSE_ROLE does.
  • GRANT SSE_READONLY TO READ_ONLY

Here is a screenhot that shows you are able to log into Siebel Tools using READ_ONLY:

 

Here is a screenshot that shows you can view all objects:

 

Here is a screenshot that shows what happens if you attempt to update an object:

 

Oracle - Guide to Oracle Cloud: 5 Steps to Ensure a Successful Move to the Cloud
Guide to Oracle Cloud: 5 Steps to Ensure a Successful Move to the Cloud

Explore key considerations, integrating the cloud with legacy applications and challenges of current cloud implementations.

Get the Guide

So, that is 50% of the task. Now, how do I prevent someone from logging in as a different user?

There are likely many ways of doing this, but I chose to use a database trigger:

CREATE OR REPLACE TRIGGER DENY_LOGIN

AFTER LOGON ON DATABASE

DECLARE

BEGIN

IF ( sys_context(‘USERENV’,’IP_ADDRESS’) <> ‘192.168.1.3’) and USER <> ‘READ_ONLY’

THEN

raise_application_error( -20001, ‘Connection not authorised on this workstation’ );

END IF;

EXCEPTION

WHEN OTHERS THEN

RAISE;

END;

/

 

This is what happens if try to log in using SADMIN:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Rene Schmidt

With 20 years of life sciences experience and 10 of working with Siebel, Rene is a Lead Technical consultant @ Perficient. Originally from Montreal, PQ, Rene now resides in Augusta, GA.

More from this Author

Follow Us