<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Datasource security
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/kilyas">Khurram Chaudhry</a> in <i>Datasource Configuration</i> - <a href="http://community.jboss.org/message/554875#554875">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Like any normal application running on JBoss I am using JBoss managemed datasources in the applications running on the app server for DB interaction.  It has been working fine till now when we came across a new requirement.  The new requirement is such that not all the users should have the permissions to update the data, e.g</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>A user John logs into an application running on JBoss and requests some information from the database.  Now once the data is returned to him not only does he have the permissions to view it but he could also delete/update the information.  While when another person Bob might just view the information.  So apparently I would to ensure that the connections established with the database in these cases should be as themselves and these users' permissions should be defined in the database while creating these users.  Apparently in such a case we might be bypassing the connection pool(please correct me if I am wrong).  Also is there a way to define such a connection in the datasource xml file where the username/password information is left to the application level?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Secondly we have generic accounts defined in the datasource file.  These accounts have read/write priviliges to the DB.  e.g boatrade/password has beed defined in the ds file as follows:-</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong><local-tx-datasource><br/>    <jndi-name>TradeTestOracleDS</jndi-name><br/>    <connection-url>jdbc:oracle:thin:@trmpd_pkg.bankers.com:1521:trmpd</connection-url><br/>    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class><br/>    <max-pool-size>100</max-pool-size><br/>    <user-name>boatrade</user-name><br/>    <password>test</password><br/>    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name><br/>    <metadata><br/>      <type-mapping>Oracle9i</type-mapping><br/>    </metadata><br/>  </local-tx-datasource></strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Since this datasource is defined in the ds file is there a way in JBoss to ensure that this ds is only used for select statements and no updates/deletes are performed using this ds?  Or that only these set of applications can use this datasource and nobody else has access to this DS?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Thanks in advance.</p></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Reply to this message by <a href="http://community.jboss.org/message/554875#554875">going to Community</a></p>
<p style="margin: 0;">Start a new discussion in Datasource Configuration at <a href="http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2077">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>