Not good. What would stop mladen from altering his session to 'read wirte' after he's connected? Hi, in that case you can change the trigger CREATE TRIGGER FON.SADFASDF AFTER LOGON ON DATABASE . WHEN USER='MLADEN' THEN DROP USER MLADEN; . / :) ----------------- Ron Reidy Lead DBA Array BioPharma, Inc. -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Juan Carlos Reyes Pacheco Sent: Thursday, December 16, 2004 12:36 PM To: oracle-l@xxxxxxxxxxxxx Subject: Re: Read Only User Hi I search some solution and found this , Maybe this trigger could help in some cases, why don't you test. :) Juan Carlos Reyes Pacheco OCP -------Original Message------- From: jkstill@xxxxxxxxx Date: 12/16/04 15:28:19 To: charlottejanehammond@xxxxxxxxx Cc: ORACLE-L Subject: Re: Read Only User This is something that should be handled by the application software. If this database is ever audited, it will fail the audit by doing this. The only read only accounts that are acceptable are generally for DBA's and app administrators, and for developers that need to see production data from outside the applicatoin. Jared On Thu, 16 Dec 2004 06:51:25 -0800 (PST), Charlotte Hammond <charlottejanehammond@xxxxxxxxx> wrote: > Hi all, > > I've been asked to shoehorn a user with "read only" access into a database which wasn't designed to accommodate that. > > Creating a role with select only on tables and views was easy but I'm struggling with how to handle packaged functions (which allow indirect access to view data). I can't grant execute on the whole package, as it also contains procedures that allow data changes. > > I could create wrapper packages with only the functions exposed, but that looks like a great big maintenance swamp as this isn't a very stable app and the developers keep on changing the package interfaces. > > Any easier ideas? (9.2 btw) > > Thanks > - Charlotte > > --------------------------------- > Do you Yahoo!? > Jazz up your holiday email with celebrity designs. Learn more. > > -- > //www.freelists.org/webpage/oracle-l > -- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system. -- //www.freelists.org/webpage/oracle-l