No DDL operation on database.

Dear all,
I am using oracle 9i.
I want that no user could perform DDL operation on database except sys user.
How can I achive this.
Please advice.
Waiting for your reply.
Regards,

But my condition is this.I have schema say A.It have
database objects like tables and views.
I want that all users should have schema name and
password.I just love questions like this. "I've got a completely insecure setup and my users are running amok. But I don't want to put proper procedures in place and I don't want to train my users. Please help me."
Okay, here is the answer: triggers to prevent DDL.
SQL> conn sys as sysdba
Enter password: **********
Connected.
SQL> CREATE TRIGGER no_drop BEFORE DROP ON scott.SCHEMA
  2  BEGIN
  3     IF user != 'SYS'
  4     THEN
  5        RAISE_APPLICATION_ERROR(-20000, 'Naughty, naughty, naughty!');
  6     END IF;
  7  END;
  8  /
Trigger created.
SQL> conn scott/tiger
Connected.
SQL> drop table emp
  2  /
drop table emp
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20000: Naughty, naughty, naughty!
ORA-06512: at line 4
SQL> Cheers, APC

Similar Messages

  • How  to  know  ddl  operations  done  against the  database

    hi,
    we are using oracle 10g.
    i am new to oracle dba how i know what are the DDL operations done against the database in oracle , i can i track that one and is there any view to store that informations

    Hello,
    I would recommend you to read Oracle documentation for using auditing DDL statements and more
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14220/security.htm#sthref2913
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_4007.htm#SQLRF01107
    Regards
    OrionNet

  • How to restrict the developers to do DDl Operations on the tables

    Dear All,
    Even i restricted the developers to do DDL operations by updating CHAR_VALUE=disabled in the table SQLPLUS_PRODUCT_PROFILE table in system/manager schema.
    So, now the users are unable to do DDL operations from PLSQL Developer, iSQLPLUS and command prompt.
    But they are doing their DDL Operations from the Java application, i don't know how they are doing this.
    But how can i restrict them
    Thanks
    Mahipal Reddy

    It does not make sense to attempt to restrict users by using security in a tool - like using SQLPLUS_PRODUCT_PROFILE for SQL*Plus. Whoever the person who designed this at Oracle was, needs to be introduced the wrong end of a lead pipe. It is nonsensical to approach security in that fashion.
    As for restricting DLL, there are numerous levels that this can be dealt with inside Oracle. From simply not granting a CREATE TABLE statement, to using schema/DDL triggers.
    But seeing that you have this problem, I'm betting that it's as a result of a flawed open door Oracle security policy.
    You should start at beginning. Determine what the security requirements and access levels are, and then implement these properly in Oracle. Using a DLL trigger for example, is often an exception when it comes to a proper security model implementation in Oracle.

  • ORA-30511: invalid DDL operation in system triggers

    Hi,
    I am calling a procedure in a Trigger.
    In that Procedure EXECUTE IMMEDIATE is used to CREATE a table.
    But when The Trigger is firing its giving Error as :ORA-30511: invalid DDL operation in system triggers
    Kindly any help will be needful for me

    user598986 wrote:
    Hi,
    I am calling a procedure in a Trigger.
    In that Procedure EXECUTE IMMEDIATE is used to CREATE a table.
    But when The Trigger is firing its giving Error as :ORA-30511: invalid DDL operation in system triggers[I thought I already explained it|http://forums.oracle.com/forums/message.jspa?messageID=3379456#3379683]. And again, granting privileges dynamically in a logon trigger is a very bad design. If you want to stick to it, you could schedule a job in trigger, as Timur suggested, however keep in mind, job runs asynchronously, so trigger will have to wait for the job to finish. Otherwise there might be a gap where session would not have privs granted yet.
    SY.

  • [4.0] Incomplete sort for objects in DDL when using Database Export or "quick DDL"

    As far as I could see, a similar problem has been reported for earlier versions of SQL Developer, but still seems to apply for some parts in 4.0.0.13.80 under Windows7 64bit with JDK 1.7.0_45 64bit ...
    Currently not all objects in a generated DDL using "Quick DDL" or "Tools - Database Export" are sorted evenly ... tables and foreign key constraints seem to be sorted, but common constraints are not.
    This is rather annoying when trying to compare the generated scripts of two databases. Or trying to detect changes over lifetime (SVN etc.).
    Or is there an option for this I could not find/see so far?
    example output from database export of SQLDev 4.0.0.13.80 on the same machine, within some minutes, no configuration change, for a local and a remote database ...
    from local:
    Questions:
    why are there blank lines added for the local database
    why aren't the grants in the same order
    local database
    remote database
      GRANT DELETE, INSERT, SELECT, UPDATE ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "ACCESS_ROLE_FOR_SCHEMA_3";
      GRANT REFERENCES ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_3";
      GRANT REFERENCES ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_4";
      GRANT SELECT, REFERENCES ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_5";
      GRANT SELECT, REFERENCES ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_6";
      GRANT SELECT ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_7";
      GRANT REFERENCES ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_3";
      GRANT REFERENCES ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_4";
      GRANT SELECT, REFERENCES ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_5";
      GRANT DELETE, INSERT, SELECT, UPDATE ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "ACCESS_ROLE_FOR_SCHEMA_3";
      GRANT SELECT, REFERENCES ON "FOREIGNSCHEMA"."TABLE_FOR_GRANT" TO "SCHEMA_6";
    remark: missing SCHEMA_7 is okay, because it is not yet on the remote database
    Similar applies to non foreign key constraints, where the unsorted output is even worse ...
    Message was edited by: stueckl

    Did you ever figure out why SQL Developer isn't exporting the NOT NULL attribute of columns?
    I'm running into that on a 9i database, but not on 11g.
    Skip

  • Create trigger before any DML or DDL operations on any schema objects

    Dears,
    I need to create a trigger on schema that fire before any DML or DDL operations on any object (table,view,. . . etc) in the schema.
    Can i do this, like "BEFORE insert or update or delete or drop or truncate on SCHEMA" ?
    Thanks & Regards,,

    Dear Peter,_
    Please, i need to say one thing before reading my below simple answers . . .
    You must deal with any issue from others seriously and read it carefully_
    Sorry, you haven't explained anything about your actual problem, we are still left to guessing.Not right, I was clear as i said the below notes:
    1 - I need to create a trigger on schema that fire before any DML or DDL operations on any object.
    2 - We have another simple application is connected also to DB and we must have this application but DB password is must written clear in some files and these files must be shared for business requirements.
    Since I still do not understand your problem, I can only guess of the most relevant:After all of the above clarification, still do not understand . . . How !!!
    1.9 Sweeping privileges. This is always a good exercise
    2.10 Audit and Analyse User access. Who connects as what from where (And later maybe why).
    3.8 Restrict Access from Specific Nodes OnlyYou are right but not valid in my issue.
    3.1 Remove the passwords from scriptsIt seems that you did not read my replies carefully as I said before that DB password is must be written clear in some files and these files must be shared for business requirements.
    Why not spend just a day to get some feeling of the ideas, and find the best match(es) for your situation.I am investigating in my issue a month ago and tried a lot of solutions but found that i will have to apply this trigger solution.
    If you are looking for a short answer in a public forum, I am afraid you won't find it.
    (At least not until we understand what you are trying to do, and why)I know exactly what i need and why. Read again my replies carefully and you will know also.
    Not at allSure, you still do not understand because you did not read my replies carefully !
    Dear All_
    I already created the trigger to prevent any DML or DDL on any schema objects for specific users.
    If all the users now have the super password, i can permit specific users to do (DML & DDL) and the others will not be able at all.
    As a Challenge, i can say the super password now to the public and they will not be able to do any (DML & DDL) . . . I can say now, "I succeeded" :)
    Really, thanks All for greatest support . . . Already i was benefited a lot from your advises.
    Regards,

  • ORA-02021: DDL operations are not allowed on a remote database

    Hi,
    While creating a trigger to keep track of every deletion on a remote table, I am receiving this error.
    I am not using any DDL within my trigger.
    My trigger code is:
    CREATE OR REPLACE TRIGGER neeraj.iuc_trig
    before delete on neeraj_test@iuc
    for each row
    DECLARE .........................
    Here iuc is public database link.
    Any idea ?
    Regards,
    Neeraj

    Hi Neeraj,
    you cannot define a trigger on a remote table.
    why don't you define the trigger just directly on
    the remote db.
    You can define some insert/update ... operations
    on "your" db in your trigger.
    you need a db_link for that on your remote-db
    to your "original"-db
    update emp@orig_db ...
    Regards
    Schoeib
    Message was edited by:
    schoeib

  • Multiple database operations in Database Adapter - please help

    Hi,
    I would like to have multiple operation in my database adapter. I drop the database adapter onto the composite.xml and follow the wizard. An adapter with one operation is created.
    When I click the "Edit" button on it and run the wizard again, all the previous changes are lost, and only the new operation is present.
    In the "Oracle® Fusion Middleware User's Guide for Technology Adapters 11g Release 1 (11.1.1.5.0) 9 Oracle JCA Adapter for Database" I read the following:+
    While at run time you have Oracle Database Adapter instances, at design time you have the Adapter Configuration Wizard (link). You can run it once to generate a single adapter service end point, and then multiple times in edit mode to make incremental changes to each. It generates all the adapter related artifacts needed when deploying a SOA composite as Table 9-1 lists.
    But I how do I change the Jdeveloper into the "edit mode" ??? I've been trying for hours, and I cant figure it out. Please help!!!

    Hi Vijay,
    did you actually test this? When I finish creating a DBAdapter, there is a operation present. Then when I click edit again on the DBAdapter, and I create another select, when I finish only the first operation is gone, and I can only see the one I've created via the last edit.
    I dont understand your reply. Can I have two operations, each one with select underneath, in the same adapter?
    Edited by: user13604541 on Jan 30, 2012 11:19 AM

  • Use of JDBC to execute ddls in oracle database

    Hi,
    I am knew to the JDBC concepts. My requirement is to execute oracle database ddls from a JSP application. The ddls like 'Alter tablespace...', 'Alter session...' etc.. The application is using JDBC to connect to the database.
    Is there any option available to do this task using JDBC
    If not, then please let me know if there are any other ways to execute such statements from an application.
    Thanks

    shah wrote:
    Is there any option available to do this task using JDBC1. Find PL/SQL code that does this in a stored proc
    2. Run the stored proc from jdbc.
    If you can't do it in a proc then you can't do it from jdbc.
    If not, then please let me know if there are any other ways to execute such statements from an application.You can run scripts via the command line using sqlplus (character mode.)
    Sqlplus is an application.
    You can control any application (character based) in java via Runtime.exec/ProcessBuilder.

  • How to add custom sql operations in Database adapters?

    I have a database adapter in ESB configured with insert, update and select operations.
    I wanted to add another select operation with pure sql. When I added the operation it gave me error "Start of the root element expected" while registering the service.
    Can't we do like this?
    I use SOA suite 10.1.3.4.
    - Sam

    Hi Thanks for reply.
    There is an option while configuring the DB adapter "Execute Custom SQL" where you can specify the query you want to execute. It will generate the schema as per the query you enter in the wizard.
    I have created adapters with this type of custom SQLs and even I have put multiple operations in the same adapters where all use Custom SQL and they are working fine.
    Thease custom SQL operations can be anything insert, update, select and they even work with other operations using procedures in the same adapter. But yes we need to modify the WSDL manuallly.
    My problem was that when I try to add the custom SQL operation in the adapter which is configured with normal select, insert and update operation, I was getting the error mentioned.
    - Sam

  • How to handle DDL in remote database

    Hi our db running on 10g. How to handle DDL's on the remote database? My requirement is as a object migration, how to migrate object/s from database A to database B through user. Say i have table call my_table in database A I want to create/replace this table on database B as a database user. Is there a way can be done? Database link or streams or any other method?
    Thanks in advance,
    -B

    You have many options to do this, just to name a few
    use COPY command of SQLPLUS
    SQL> copy from scott/tiger@DB_A
             to scott/tiger@DB_B
             create new_emp using select * from emp;create database link to database A in database B, run this from database B
    create new_emp as select * from emp@dblinkDB_A;or export/import
    etc.

  • Extract trigger DDL from 8i database

    Hi All,
    We are in process of migrating our 8i database's to 11g. for some reason , we excluded triggers while import. now , I need to get all the ddl's from 8i database.
    I think , dbms_metatadata is not there in 8i. using the following script did not help , as it does not append owner to trigger name. this script was taken from Mr Kyte book
    select
    'create or replace trigger ''' ||
    trigger_name || '''' || chr(10)||
    decode( substr( trigger_type, 1, 1 ),
    'A', 'AFTER', 'B', 'BEFORE', 'I', 'INSTEAD OF' ) ||
    chr(10) ||
    triggering_event || chr(10) ||
    'ON ''' || table_owner || '''.''' ||
    table_name || '' || chr(10) ||
    decode( instr( trigger_type, 'EACH ROW' ), 0, null,
    'FOR EACH ROW' ) || chr(10) ,
    trigger_body
    from dba_triggersRegards

    Thanks solomon, but , it still need some correction , I guess..
    create or replace trigger 'UFP"."UFP_TW_COST_AIUDR'
    AFTER
    INSERT OR UPDATE OR DELETE
    ON 'UFP'.'UFP_TGT_WKSHT_COST
    FOR EACH ROW
    DECLARE
       action_flag UFP.UFP_TGT_WKSHT_COST_AUDIT.ACTION%TYPE;
    BEGIN
       IF DELETING THEN
          insert into UFP.UFP_TGT_WKSHT_COST_AUDIT
             (PROJNO, REVNO, LINE_NUMBER, OPTION_NUMBER, COST, SKU_NUMBER, USERID,
             TIMESTAMP, ACTION)
             values
             (:old.PROJNO, :old.REVNO, :old.LINE_NUMBER, :old.OPTION_NUMBER, :old.COST, :old.SKU_NUMBER, USER,
             SYSDATE, 'DEL');
       ELSE
          IF INSERTING THEN
             action_flag := 'INS';
          ELSE
             action_flag := 'UPD';
          END IF;
          insert into UFP.UFP_TGT_WKSHT_COST_AUDIT
             (PROJNO, REVNO, LINE_NUMBER, OPTION_NUMBER, COST, SKU_NUMBER, USERID,
             TIMESTAMP, ACTION)
             values
             (:new.PROJNO, :new.REVNO, :new.LINE_NUMBER, :new.OPTION_NUMBER, :new.COST, :new.SKU_NUMBER, USER,
             SYSDATE, action_flag);
       END IF;
    END;
    create or replace trigger 'UFP"."UFP_TW_COST_AIUDR'
    ERROR at line 1:
    ORA-04070: invalid trigger name

  • Using Data Pump to get a copy of all the CREATE TABLSPACE DDL in a database

    I have been looking through the documentation for a way to export.
    I was thinking I could get the DDL using the below and them don an IMPDP SQLFILES=yyy.sql
    cat expddl.sql
    DIRECTORY=dpdata1
    JOB_NAME=EXP_JOB
    CONTENT=METADATA_ONLY
    FULL=yes
    DUMPFILE=export_${ORACLE_SID}.dmp
    LOGFILE=export_${ORACLE_SID}.log
    I would have thought you could just do an INCUDE on the tablespace but it does not like that.
    10.2.0.3

    I would like to know why you want create tablespace DDLs ? As if you have to import it on the same machine (or the machine with similar mount points) the import should do that automatically for you. And if you have to do it on some other machine, you can always use SQLFILE option to generate DDL from the export dump.
    Regards,
    Amardeep Sidhu

  • TABLE FOR Operating System  & database

    Hi
    in which table i can findout operatingsystem version and database version

    Hi,
        your questions are related to the WAS you could trythe WAS General forum.
    COMM_CFGDBVERS for database version
    <b>Reward points</b>
    Regards

  • IN Operator in Database ----  slow

    Hi,
    I am new for Oracle 10g. I just feel IN operator is kind of slow compared with LIKE or SQL Server experience I had.
    Thanks for any help,
    Kevin

    Hello,
    I want to return comma sprated values from a Oracle Stored Procedure using OUT parameter...
    Please help....
    --Deepssss                                                                                                                                                                                                                                                                           

Maybe you are looking for

  • Curve 9320 issue (hang problem)

    Hello, i have purchased curve 9320 3G 1 month back but i couldn't use this more than 1 day, i use to freeze frequently, after inserting sim, it was running fine for 10-12 Hrs, after than when i received incoming call, it showed me the number and cont

  • Problems with colors in iWork

    I have just installed my iWork 08' - got it for free at a friend - but as i opened Keynote for the first time, all colors were strange. It was like they were negative. The only color showing was white, with a purple shadow, and the sample pictures we

  • Itunes got delted,songs still on ipod,how to get them back in itunes librar

    my computer crashed so i had to redownload everything, now that i redownloaded itunes, and plugged in my ipod(all songs are still on ipod) how do i get them back into itunes library music section?

  • Installation Identity Management on RedHat 4.7

    Hi, all. Please, help me. I installed repository of infrastructure v. 10.1.4 to database v. 10.2.0.4 in one server and try to install Identity Management with OID, SSO, ODI etc to other server. Installation succesfull but OC4J Instance Configuration

  • GPIB erreur communication

    Bonjour, J'ai un problème d'exécution d'un vi bloqué sur un sous vi permettant l'initialisation d'un gaussmètre DG6 par une carte AT-GPIB/TNT branchée sur un port isa (avant de procéder à des mesures avec une sonde fixée sur une table 3 axes) Le sous