Hey Chris, > Apparently "DROP DATABASE LINK" doesn't exist as a privilege, so why can > users still do it when they no longer have the right to "CREATE DATABASE > LINK"? > Where does the drop database link security reside? Neither does "DROP TABLE". The owner always has that right. However, like the "DROP ANY TABLE" priv, there's a similar "DROP PUBLIC DATABASE LINK". > I wonder if there is a system login trigger I could employ to prevent the > drop? I don't think a login trigger would necessarily help, but a database DDL trigger "BEFORE DROP ON DATABASE" would. A healthy "WHEN" clause would seem to also be necessary here... GL! Rich -- //www.freelists.org/webpage/oracle-l