Re: Prevent certain users logging on during specific hours
- From: Ethan Post <post.ethan@xxxxxxxxx>
- To: John.Hallas@xxxxxxxxxxxxxxxxxx
- Date: Thu, 24 Apr 2014 02:29:23 -0500
John,
Sorry to be a pain, but instead of answering your question can I ask one
instead? Who are these users? Are they really a problem and if so what is
the problem you have identified? My preference is always to give everyone
as much hassle free access to my databases as possible. I have plenty of
monitoring and alerting in place for the trouble makers. Just wondering,
perhaps there is a better solution than locking out users here.
Thanks,
Ethan
On Wed, Apr 23, 2014 at 1:42 AM, John Hallas <John.Hallas@xxxxxxxxxxxxxxxxxx
> wrote:
> We have a requirement to prevent database logons by specific users (who
> can be identified because they have a particular role) during certain times
> and I am thinking of options and looking for any other thoughts on the best
> approach. These are some of my thoughts
>
>
>
> Resource manager - put the users into a resource group and schedule that
> group to limit access appropriately – I have not tested this to see if it
> is possible but if you can give it zero CPU quota it might be possible –
> does seem a lot of effort though and my experience of RM is that it does
> need a lot of tweaking/maintenance
>
>
>
> Logon trigger - simple to implement - just needs a bit of work around
> matching current time with allowed hours - but it will run against every
> login and that is a big overhead on a busy system
>
>
>
> OEM job (or dbms scheduler) to revoke create session from role – thinking
> about it I think the scheduler job which is local on the database is safer.
> It would need to do some form of ‘alter user revoke role’ command but that
> should all work. The user does not get a good message back though which is
> a bit of a problem with 2 of the solutions but the login trigger could have
> a message output to the user
>
>
>
> Any other suggestions please
>
>
>
> Thanks John
>
>
>
> www.jhdba.wordpress.com
>
>
>
>
>
>
>
>
>
> DBA Team Leader
>
> Wm Morrison Supermarkets PLC
>
> Tel 0845 611 4589 Mob: 07876 790540
>
> E-mail: john.hallas@xxxxxxxxxxxxxxxxxx
>
>
>
> ______________________________________________________________________
> Wm Morrison Supermarkets Plc is registered in England with number 358949.
> The registered office of the company is situated at Gain Lane, Bradford,
> West Yorkshire BD3 7DL. This email and any attachments are intended for the
> addressee(s) only and may be confidential.
>
> If you are not the intended recipient, please inform the sender by
> replying to the email that you have received in error and then destroy the
> email.
> If you are not the intended recipient, you must not use, disclose, copy or
> rely on the email or its attachments in any way.
>
> This email does not constitute a contract in writing for the purposes of
> the Law of Property (Miscellaneous Provisions) Act 1989.
>
> Our Standard Terms and Conditions of Purchase, as may be amended from time
> to time, apply to any contract that we enter into. The current version of
> our Standard Terms and Conditions of Purchase is available at:
> http://www.morrisons.co.uk/gscop
>
> Although we have taken steps to ensure the email and its attachments are
> virus-free, we cannot guarantee this or accept any responsibility,
> and it is the responsibility of recipients to carry out their own virus
> checks.
> ______________________________________________________________________
>
Other related posts:
