hi all

in today Scenario we are create a user (1.) baan level,(2.)oslevel(Unix),(3.)database level(Oracle).

it is Necessary to create a user all 3 level.

we don't want to create a user in database level oracle level.
is it possiable.

reply as soon as possiable

thanks

Hi,

It is very much required to create baan users in all three levels. Otherwise login will not work.


Viplov

Viplov is right ! 3 level is MUST !

If you intending to create a User that will connect to BaaN using it's own name, three levels are needed - however -

You can setup a generic user and allow the new user to connect as that generic user, especially if you are using something like Active Directory. You can have the generic user as the main account on Oracle and have the new user granted privileges to use that generic account. I believe that you can do this in the UNIX world by assigning a group to the new User that has database accessibility.

In Oracle, you can audit the new user's activities by querying for both username and osuser - this will tie the two together, but all sessions will show connection as the generic user.

This approach also can help with account cleanup if you experience higher turnover of users than normal. You remove the privilege at the Active Directory or Group stage and the new user can no longer connect through the Application to the database, but you do not have to change the Users in Oracle or BaaN. Please note that you must change most auditing schemes to reflect the osuser, not the username (since that will always be the generic User's name). Also, this may restrict easy management if you need a lot of different privilege groupings in the BaaN application.

May not work for you, but it may be a viable approach if you truly need to keep individual Users out of the Oracle database. (tighter Security for example).