Re: Remind me why a user can drop a database link when they can't create one?

From: Rich Jesse <rjoralist2_at_society.servebeer.com>
Date: Thu, 27 Oct 2011 11:26:02 -0500 (CDT)
Message-ID: <7c50615758b3e0587489b382445d58c1.squirrel_at_society.servebeer.com>

Hey Chris,

> Apparently "DROP DATABASE LINK" doesn't exist as a privilege, so why can
> users still do it when they no longer have the right to "CREATE DATABASE
> LINK"?
> Where does the drop database link security reside?

Neither does "DROP TABLE". The owner always has that right. However, like the "DROP ANY TABLE" priv, there's a similar "DROP PUBLIC DATABASE LINK".

> I wonder if there is a system login trigger I could employ to prevent the
> drop?

I don't think a login trigger would necessarily help, but a database DDL trigger "BEFORE DROP ON DATABASE" would. A healthy "WHEN" clause would seem to also be necessary here...

GL!

Rich

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Oct 27 2011 - 11:26:02 CDT

This message: [ Message body ]
Next message: rajendra.pande_at_ubs.com: "RE: Dumping contents of a view to CSV file"
Previous message: Sidney Chen: "Re: mv refresh question"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message