Re: Remind me why a user can drop a database link when they can't create one?

• From: "Rich Jesse" <rjoralist2@xxxxxxxxxxxxxxxxxxxxx>
• To: oracle-l@xxxxxxxxxxxxx
• Date: Thu, 27 Oct 2011 11:26:02 -0500 (CDT)

Hey Chris,

> Apparently "DROP DATABASE LINK" doesn't exist as a privilege, so why can
> users still do it when they no longer have the right to "CREATE DATABASE
> LINK"?
> Where does the drop database link security reside?

Neither does "DROP TABLE".  The owner always has that right.  However, like
the "DROP ANY TABLE" priv, there's a similar "DROP PUBLIC DATABASE LINK".

> I wonder if there is a system login trigger I could employ to prevent the
> drop?

I don't think a login trigger would necessarily help, but a database DDL
trigger "BEFORE DROP ON DATABASE" would.  A healthy "WHEN" clause would seem
to also be necessary here...

GL!

Rich

--
//www.freelists.org/webpage/oracle-l

• References:
  • Remind me why a user can drop a database link when they can't create one?
    • From: Taylor, Chris David

Other related posts:

• » Remind me why a user can drop a database link when they can't create one?- Taylor, Chris David
• » Re: Remind me why a user can drop a database link when they can't create one?- TESTAJ3
• » RE: Remind me why a user can drop a database link when they can't create one?- Taylor, Chris David
• » Re: Remind me why a user can drop a database link when they can't create one? - Rich Jesse

1. Home
2. oracle-l
3. Archive
4. 10-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---