Hmm, this is a problem. If possible I'd also like to prevent SYSTEM from connecting if it comes from that particular module. I suppose I could revoke administer database trigger from the DBA role. Anyone have opinions on the ramifications of doing so? Jay Miller Sr. Oracle DBA 201.369.8355 -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Ted Coyle Sent: Tuesday, October 16, 2007 9:22 AM To: alberto.dellera@xxxxxxxxx; oracle-l@xxxxxxxxxxxxx Subject: RE: Disconnecting session from an on logon trigger The exception method is great, but only if the user does not have ADMINISTER DATABASE TRIGGER granted somewhere like IMPORT FULL DATABASE. -- Ted -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Alberto Dell'Era Sent: Monday, October 15, 2007 3:59 PM To: oracle-l@xxxxxxxxxxxxx Subject: Re: Disconnecting session from an on logon trigger > I'd like to create an on logon trigger that will prevent the user from > connecting in certain circumstances. I have one way of doing it which would > be to issue > execute immediate ' alter system kill session 'session_id', 'serial#'' Just raise an exception from the logon trigger raise_application_error (-20001, 'logon denied because ...'); so your bad user will also have a nice error which clearly states the reason why the logon was denied - which is very nice. -- Alberto Dell'Era "the more you know, the faster you go" -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l