Re: Prevent certain users logging on during specific hours
- From: Andy Wattenhofer <watt0012@xxxxxxx>
- To: John.Hallas@xxxxxxxxxxxxxxxxxx
- Date: Thu, 24 Apr 2014 15:34:52 -0500
You could schedule a job to set a password (or use external auth) for the
restricted users' role at the start of the restricted period and then
another job to set it back to "not identified" at the end. It is a bit
hack-ish, but then so is using a logon trigger.
Andy
On Wed, Apr 23, 2014 at 1:42 AM, John Hallas <John.Hallas@xxxxxxxxxxxxxxxxxx
> wrote:
> We have a requirement to prevent database logons by specific users (who
> can be identified because they have a particular role) during certain times
> and I am thinking of options and looking for any other thoughts on the best
> approach. These are some of my thoughts
>
>
>
> Resource manager - put the users into a resource group and schedule that
> group to limit access appropriately – I have not tested this to see if it
> is possible but if you can give it zero CPU quota it might be possible –
> does seem a lot of effort though and my experience of RM is that it does
> need a lot of tweaking/maintenance
>
>
>
> Logon trigger - simple to implement - just needs a bit of work around
> matching current time with allowed hours - but it will run against every
> login and that is a big overhead on a busy system
>
>
>
> OEM job (or dbms scheduler) to revoke create session from role – thinking
> about it I think the scheduler job which is local on the database is safer.
> It would need to do some form of ‘alter user revoke role’ command but that
> should all work. The user does not get a good message back though which is
> a bit of a problem with 2 of the solutions but the login trigger could have
> a message output to the user
>
>
>
> Any other suggestions please
>
>
>
> Thanks John
>
>
>
> www.jhdba.wordpress.com
>
>
>
>
>
>
>
>
>
> DBA Team Leader
>
> Wm Morrison Supermarkets PLC
>
> Tel 0845 611 4589 Mob: 07876 790540
>
> E-mail: john.hallas@xxxxxxxxxxxxxxxxxx
>
>
>
> ______________________________________________________________________
> Wm Morrison Supermarkets Plc is registered in England with number 358949.
> The registered office of the company is situated at Gain Lane, Bradford,
> West Yorkshire BD3 7DL. This email and any attachments are intended for the
> addressee(s) only and may be confidential.
>
> If you are not the intended recipient, please inform the sender by
> replying to the email that you have received in error and then destroy the
> email.
> If you are not the intended recipient, you must not use, disclose, copy or
> rely on the email or its attachments in any way.
>
> This email does not constitute a contract in writing for the purposes of
> the Law of Property (Miscellaneous Provisions) Act 1989.
>
> Our Standard Terms and Conditions of Purchase, as may be amended from time
> to time, apply to any contract that we enter into. The current version of
> our Standard Terms and Conditions of Purchase is available at:
> http://www.morrisons.co.uk/gscop
>
> Although we have taken steps to ensure the email and its attachments are
> virus-free, we cannot guarantee this or accept any responsibility,
> and it is the responsibility of recipients to carry out their own virus
> checks.
> ______________________________________________________________________
>
--
Andy Wattenhofer
Manager, Database Administration
University of Minnesota
Other related posts:
