Yep, that's it, as I determined independently, but not in time to avoid being scooped by Tanel. No shame in that, though! Paul Baumgartel CREDIT SUISSE Information Technology DBA & Admin - NY, KIGA 1 11 Madison Avenue New York, NY 10010 USA Phone 212.538.1143 paul.baumgartel@xxxxxxxxxxxxxxxxx www.credit-suisse.com -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Tanel Poder Sent: Thursday, September 14, 2006 10:12 AM To: m.haddon@xxxxxxxxxxx; JApplewhite@xxxxxxxxxxxxx Cc: oracle-l@xxxxxxxxxxxxx Subject: RE: Restrict login for a particular user to be only from particul ar m achines Any user with ADMINISTER DATABASE TRIGGER privilege can log on even if the logon trigger raises an error. Look into udump and you'll see Oracle complaining about the trigger's exception there. Tanel. _____ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Haddon Sent: Thursday, September 14, 2006 09:25 To: JApplewhite@xxxxxxxxxxxxx Cc: oracle-l@xxxxxxxxxxxxx Subject: Re: Restrict login for a particular user to be only from particul ar m achines The trigger is working but when you raise the application error the insert gets rolled back. The only way we were able to accomplish the logging of a failed login was to use the declare pragma autonomous_transaction; begin This way the insert gets committed when you raise the application error exception Hope this helps Mike ============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ==============================================================================