oracle数据库在拥有create session权限下默认对所创建的对象有drop and alter权限,这些权限我们不能revoke,我们可以通过以下触发器来控制普通用户这些权限,来满足部分安全上的需要
CREATE OR REPLACE TRIGGER trg_dropdeny
before drop on database
begin
if (ora_login_user!='SYS' and ora_login_user!='SYSTEM')
then
raise_application_error(
num=>-20000,
msg=>'You can not drop ' || ora_dict_obj_name() || ' ! please ask dba to finish version control.thank you1');
end if;
end;
CREATE OR REPLACE TRIGGER trg_alterdeny
before alter on database
begin
if (ora_login_user!='SYS' and ora_login_user!='SYSTEM')
then
raise_application_error(
num=>-20000,
msg=>'You can not drop ' || ora_dict_obj_name() || ' ! please ask dba to finish version control.thank you1');
end if;
end;
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/36779/viewspace-907412/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/36779/viewspace-907412/