OraclePermission Class

An OraclePermission object enables ODP.NET to enforce imperative security and helps ensure that a user has a security level adequate for accessing data.

Class Inheritance

  System.Object

    System.Security.CodeAccessPermission

      System.Data.Common.DBDataPermission

        Oracle.DataAccess.Client.OraclePermission

Declaration

// ADO.NET 2.0: C#
public class OraclePermission: DBDataPermission

Thread Safety

All public static methods are thread-safe, although instance methods do not guarantee thread safety.

Requirements

Namespace: Oracle.DataAccess.Client

Assembly: Oracle.DataAccess

ODP.NET Version: ODP.NET for .NET Framework 2.0 or ODP.NET for .NET Framework 4


OraclePermission Members

OraclePermission members are listed in the following tables.

OraclePermission Constructors

The OraclePermission constructor is listed in Table 5-87.

Table 5-87 OraclePermission Constructor

Constructor Description

OraclePermission Constructor

Instantiates a new instance of the OraclePermission class.


OraclePermission Static Methods

The OraclePermission static methods are listed in Table 5-88.

Table 5-88 OraclePermission Static Methods

Static Method Description

Equals

Inherited from System.Object

ReferenceEquals

Inherited from System.Object

RevertAll

Inherited from CodeAccessPermission

RevertAssert

Inherited from CodeAccessPermission

RevertDeny

Inherited from CodeAccessPermission

RevertPermitOnly

Inherited from CodeAccessPermission


OraclePermission Public Properties

The OraclePermission public methods are listed in Table 5-92.

Table 5-89 OraclePermission Public Properties

Public Properties Description

AllowBlankPassword

Inherited from DBDataPermission

OraclePermission does not support this property.


OraclePermission Public Methods

The OraclePermission public methods are listed in Table 5-90.

Table 5-90 OraclePermission Public Methods

Public Method Description

Add

Adds a new connection string fragment and a list of restricted keywords to the OraclePermission object

Assert

Inherited from CodeAccessPermission

Copy

Returns a copy of the current permission object

Demand

Inherited from CodeAccessPermission

Deny

Inherited from CodeAccessPermission

Equals

Inherited from CodeAccessPermission

FromXml

Inherited from DBDataPermission

GetHashCode

Inherited from CodeAccessPermission

GetType

Inherited from System.Object

Intersect

Inherited from DBDataPermission

IsSubsetOf

Returns a boolean value that indicates whether or not the current permission is a subset of the target permission

IsUnrestricted

Inherited from DBDataPermission

PermitOnly

Inherited from CodeAccessPermission

ToString

Inherited from CodeAccessPermission

ToXml

Inherited from DBDataPermission

Union

Inherited from DBDataPermission



OraclePermission Constructor

The OraclePermission constructor instantiates a new instance of the OraclePermission class.

Declaration

// C#
public OraclePermission (PermissionState state);

Parameters

  • state

    The state parameter takes one of the following two values: PermissionState.None or PermissionState.Unrestricted.

Exceptions

ArgumentException - The PermissionState value is invalid.


OraclePermission Static Methods

The OraclePermission static methods are listed in Table 5-91.

Table 5-91 OraclePermission Static Methods

Static Method Description

Equals

Inherited from System.Object

ReferenceEquals

Inherited from System.Object

RevertAll

Inherited from CodeAccessPermission

RevertAssert

Inherited from CodeAccessPermission

RevertDeny

Inherited from CodeAccessPermission

RevertPermitOnly

Inherited from CodeAccessPermission



OraclePermission Public Properties

The OraclePermission public methods are listed in Table 5-92.

Table 5-92 OraclePermission Public Properties

Public Properties Description

AllowBlankPassword

Inherited from DBDataPermission

OraclePermission ignores the value of this property. Any value set for this property, for an OraclePermission object, is ignored.



OraclePermission Public Methods

The OraclePermission public methods are listed in Table 5-93.

Table 5-93 OraclePermission Public Methods

Public Method Description

Add

Adds a new connection string fragment and a list of restricted keywords to the OraclePermission object

Assert

Inherited from CodeAccessPermission

Copy

Returns a copy of the current permission object

Demand

Inherited from CodeAccessPermission

Deny

Inherited from CodeAccessPermission

Equals

Inherited from CodeAccessPermission

FromXml

Inherited from DBDataPermission

GetHashCode

Inherited from CodeAccessPermission

GetType

Inherited from System.Object

Intersect

Inherited from DBDataPermission

IsSubsetOf

Returns a boolean value that indicates whether or not the current permission is a subset of the target permission

IsUnrestricted

Inherited from DBDataPermission

PermitOnly

Inherited from CodeAccessPermission

ToString

Inherited from CodeAccessPermission

ToXml

Inherited from DBDataPermission

Union

Inherited from DBDataPermission


Add

This method adds a new connection string fragment and a list of restricted keywords to the OraclePermission object.

Declaration

// C#
public void Add(string connStr, string keyRestrict, 
   KeyRestrictionBehavior behavior);

Parameters

  • connStr

    The connection string fragment.

  • keyRestrict

    The key restrictions.

  • behavior

    One of the following KeyRestrictionBehavior enumerations:

    • AllowOnly

    • PreventUsage

Exceptions

ArgumentException - The KeyRestrictionBehavior value or the format of the connStr or keyRestict string is invalid.

Remarks

The Add method configures the connection strings allowed or disallowed by the permission object.

Opening an OracleConnection is allowed or denied based upon the connection string fragment, key restrictions combination, and the key restriction behavior.

In the following example, KeyRestrictionBehavior.AllowOnly allows connection strings that use orcl as the Data Source with any User Id and Password combination but no other connection string keywords. Connection string keywords other than User Id and Password cause security exceptions.

orclPermission.Add("Data Source=orcl;","User Id=;Password=;",
   KeyRestrictionBehavior.AllowOnly);

In the next example, KeyRestrictionBehavior.PreventUsage restricts connection strings that use the keyword Pooling. Use of the Pooling keyword causes an exception.

orclPermission.Add("Data Source=orcl;","Pooling=;",
   KeyRestrictionBehavior.PreventUsage)

As a general rule, in an unrestricted environment, any connection string that is not allowed is restricted and throws a security exception.

If a connection string fragment contains key-value pairs for the password and proxy password attributes, then values for these attributes are ignored. However, the presence of the attributes themselves is still checked. This means that the connection is allowed only if the password and proxy attributes keywords are allowed in the connection string.

Copy

This method returns a copy of the current permission object.

Declaration

// C#
public override IPermission Copy();

Return Value

A copy of the OraclePermission object.

IsSubsetOf

This method returns a boolean value that indicates whether or not the current permission is a subset of the target permission.

Declaration

// C#
public override bool IsSubsetOf(IPermission target);

Parameters

  • target

    A permission that must be of type OraclePermission.

Return Value

A bool value that indicates whether or not the current permission is a subset of the target permission.

Exceptions

ArgumentException - The permission is not of the OraclePermission type.

Remarks

The AllowBlankPassword property is ignored when evaluating whether or not the current permission is a subset of the target permission.