Re: logon trigger cannot prevent DBA account from logging in database

  • From: "Jared Still" <jkstill@xxxxxxxxx>
  • To: Lijie.Tu@xxxxxxxxxxxxx
  • Date: Tue, 4 Apr 2006 16:34:31 -0800

Create a new role for the user, similar to the DBA role
if that is what it requires.

Exclude the ADMINISTER DATABASE TRIGGER privilege from the role,
revoke DBA from the user and grant the new role to the user.

Any user with the ADMINISTER DATABASE TRIGGER privilege, either directly or
indirectly through a role, cannot be prevented from logging in through the
use of a trigger.


Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist



On 4/4/06, TU Lijie <Lijie.Tu@xxxxxxxxxxxxx> wrote:
>
> Well, in that case, Oracle should only prevent the logon trigger from
> killing sys/system session, while still allowing the killing of other sessions.
>
> Anyway, logon trigger does not seem to get what I want, just wondering if
> there is a workaround to this.
>
> -----Original Message-----
> From: David Sharples [mailto:davidsharples@xxxxxxxxx]
>
> Sent: Tuesday, April 04, 2006 12:42 PM
> To: Lijie.Tu@xxxxxxxxxxxxx
> Cc: oracle-l@xxxxxxxxxxxxx
> Subject: Re: logon trigger cannot prevent DBA account from logging in
> database
>
>
> you can't stop dba accounts from logging into the database.  The reason
> being is that if you wrote a login trigger that didn't work then no-one
>
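
The role swap described in the reply above, as an added example that is not part of the original thread: it builds a DBA-like role without ADMINISTER DATABASE TRIGGER, skips nested roles that would bring the privilege back indirectly, and then checks the user. The names APP_DBA, DBA_NO_ADT and ADT_HOLDERS are hypothetical, and the script assumes it is run as SYS in SQL*Plus.

```sql
-- Added example. APP_DBA (user), DBA_NO_ADT (role) and ADT_HOLDERS (view)
-- are hypothetical names. Assumes a SYS session in SQL*Plus.
CREATE ROLE dba_no_adt;

-- Every grantee (user or role) that holds the privilege directly or
-- through any chain of nested roles.
CREATE OR REPLACE VIEW adt_holders AS
SELECT grantee FROM dba_sys_privs
 WHERE privilege = 'ADMINISTER DATABASE TRIGGER'
UNION
SELECT grantee FROM dba_role_privs
 START WITH granted_role IN
       (SELECT grantee FROM dba_sys_privs
         WHERE privilege = 'ADMINISTER DATABASE TRIGGER')
CONNECT BY PRIOR grantee = granted_role;

BEGIN
  -- Copy DBA's system privileges, leaving out the one named in the post.
  FOR p IN (SELECT privilege FROM dba_sys_privs
             WHERE grantee = 'DBA'
               AND privilege <> 'ADMINISTER DATABASE TRIGGER') LOOP
    EXECUTE IMMEDIATE 'GRANT ' || p.privilege || ' TO dba_no_adt';
  END LOOP;

  -- Copy the roles granted to DBA, skipping any that carry the privilege
  -- themselves. Privileges from a skipped role are not copied.
  FOR r IN (SELECT granted_role FROM dba_role_privs
             WHERE grantee = 'DBA'
               AND granted_role NOT IN (SELECT grantee FROM adt_holders)) LOOP
    EXECUTE IMMEDIATE 'GRANT "' || r.granted_role || '" TO dba_no_adt';
  END LOOP;
END;
/

-- Object privileges granted to DBA (DBA_TAB_PRIVS) are not copied here.
REVOKE dba FROM app_dba;
GRANT dba_no_adt TO app_dba;

-- Check: no rows means APP_DBA no longer holds the privilege by any path.
SELECT grantee FROM adt_holders WHERE grantee = 'APP_DBA';
```

A role copied this way still contains GRANT ANY PRIVILEGE and GRANT ANY ROLE if DBA has them, so rerun the final query periodically to catch the privilege being granted back.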
