Not good. What would stop mladen from altering his session to 'read = wirte' after he's connected? ----------------- Ron Reidy Lead DBA Array BioPharma, Inc. -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Juan Carlos Reyes Pacheco Sent: Thursday, December 16, 2004 12:36 PM To: oracle-l@xxxxxxxxxxxxx Subject: Re: Read Only User Hi I search some solution and found this , Maybe this trigger could help in some cases,=20 why don't you test. :) =20 CREATE TRIGGER FON.SADFASDF AFTER=20 LOGON ON DATABASE .. WHEN USER=3D'MLADEN' THEN SET TRANSACTION READ ONLY; .. / =20 Juan Carlos Reyes Pacheco OCP -------Original Message------- =20 From: jkstill@xxxxxxxxx Date: 12/16/04 15:28:19 To: charlottejanehammond@xxxxxxxxx Cc: ORACLE-L Subject: Re: Read Only User =20 This is something that should be handled by the application software. =20 If this database is ever audited, it will fail the audit by doing this. =20 The only read only accounts that are acceptable are generally for DBA's and app administrators, and for developers that need to see production data from outside the applicatoin. =20 Jared =20 =20 =20 On Thu, 16 Dec 2004 06:51:25 -0800 (PST), Charlotte Hammond <charlottejanehammond@xxxxxxxxx> wrote: > Hi all, > > I've been asked to shoehorn a user with "read only" access into a = database which wasn't designed to accommodate that. > > Creating a role with select only on tables and views was easy but I'm struggling with how to handle packaged functions (which allow indirect access to view data). I can't grant execute on the whole package, as it = also contains procedures that allow data changes. > > I could create wrapper packages with only the functions exposed, but = that looks like a great big maintenance swamp as this isn't a very stable app = and the developers keep on changing the package interfaces. > > Any easier ideas? (9.2 btw) > > Thanks > - Charlotte > > --------------------------------- > Do you Yahoo!? > Jazz up your holiday email with celebrity designs. Learn more. > > -- > //www.freelists.org/webpage/oracle-l > =20 =20 -- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which = contains information which may be confidential or privileged. The information is = intended=20 to be for the use of the individual or entity named above. If you are = not the=20 intended recipient, please be aware that any disclosure, copying, = distribution=20 or use of the contents of this information is prohibited. Please notify = the sender of the delivery error by replying to this message, or notify us = by telephone (877-633-2436, ext. 0), and then delete it from your system. -- //www.freelists.org/webpage/oracle-l