Well, in that case, Oracle should only prevent the logon trigger from killing sys/system session, while still allow the killing of other sessions. Anyway, logon trigger does not seem to get what I want, just wondering if there is a workaround to this. -----Original Message----- From: David Sharples [mailto:davidsharples@xxxxxxxxx] Sent: Tuesday, April 04, 2006 12:42 PM To: Lijie.Tu@xxxxxxxxxxxxx Cc: oracle-l@xxxxxxxxxxxxx Subject: Re: logon trigger cannot prevent DBA account from logging in databa se you cant stop dba accounts from logging into the database. The reason being is that if you wrote a login trigger that didnt work then no-one could ever log into change it Revoke dba from the user and grant him the priveleges he needs On 04/04/06, TU Lijie <Lijie.Tu@xxxxxxxxxxxxx> wrote: Hi all, I want to prevent certain OS users from logging in database using certain DB accounts (say: ORAUSR1). The following code works only if ORAUSR1 is NOT a DBA account. Can anybody please help? We have to grant the DBA role to the schema owner of our ERP system , but the password for this account is well-known and changing it is not advisable as many applications are using this account with hard-code the password.