John, Sorry to be a pain, but instead of answering your question can I ask one instead? Who are these users? Are they really a problem and if so what is the problem you have identified? My preference is always to give everyone as much hassle free access to my databases as possible. I have plenty of monitoring and alerting in place for the trouble makers. Just wondering, perhaps there is a better solution than locking out users here. Thanks, Ethan On Wed, Apr 23, 2014 at 1:42 AM, John Hallas <John.Hallas@xxxxxxxxxxxxxxxxxx > wrote: > We have a requirement to prevent database logons by specific users (who > can be identified because they have a particular role) during certain times > and I am thinking of options and looking for any other thoughts on the best > approach. These are some of my thoughts > > > > Resource manager - put the users into a resource group and schedule that > group to limit access appropriately – I have not tested this to see if it > is possible but if you can give it zero CPU quota it might be possible – > does seem a lot of effort though and my experience of RM is that it does > need a lot of tweaking/maintenance > > > > Logon trigger - simple to implement - just needs a bit of work around > matching current time with allowed hours - but it will run against every > login and that is a big overhead on a busy system > > > > OEM job (or dbms scheduler) to revoke create session from role – thinking > about it I think the scheduler job which is local on the database is safer. > It would need to do some form of ‘alter user revoke role’ command but that > should all work. The user does not get a good message back though which is > a bit of a problem with 2 of the solutions but the login trigger could have > a message output to the user > > > > Any other suggestions please > > > > Thanks John > > > > www.jhdba.wordpress.com > > > > > > > > > > DBA Team Leader > > Wm Morrison Supermarkets PLC > > Tel 0845 611 4589 Mob: 07876 790540 > > E-mail: john.hallas@xxxxxxxxxxxxxxxxxx > > > > ______________________________________________________________________ > Wm Morrison Supermarkets Plc is registered in England with number 358949. > The registered office of the company is situated at Gain Lane, Bradford, > West Yorkshire BD3 7DL. This email and any attachments are intended for the > addressee(s) only and may be confidential. > > If you are not the intended recipient, please inform the sender by > replying to the email that you have received in error and then destroy the > email. > If you are not the intended recipient, you must not use, disclose, copy or > rely on the email or its attachments in any way. > > This email does not constitute a contract in writing for the purposes of > the Law of Property (Miscellaneous Provisions) Act 1989. > > Our Standard Terms and Conditions of Purchase, as may be amended from time > to time, apply to any contract that we enter into. The current version of > our Standard Terms and Conditions of Purchase is available at: > http://www.morrisons.co.uk/gscop > > Although we have taken steps to ensure the email and its attachments are > virus-free, we cannot guarantee this or accept any responsibility, > and it is the responsibility of recipients to carry out their own virus > checks. > ______________________________________________________________________ >