Calling set_context() outside after logon trigger?
Hello all
I'm trying out and learning on using the application context so I tried out the tutorials from: Oracle® Database Security Guide 11g Release 1 (11.1) B28531-06 document (well, very similar examples that is)
I made a procedure which should retreive the employee_id based on the provided user_name (a logical user_name stored in a table) and set an (attribute, value) pair using the dbms_session.set_context()...
select employee_id into emp_id from user_pswd_table where user_name like p_user_name;
DBMS_SESSION.SET_CONTEXT('employee_id_ctx', 'employee_id', emp_id);
and (the tester) the call of the procedure looked like something like this:
declare usernm varchar2(30);
begin
usernm :='user_name_which_will_be_provided';
set_employee_id_pck.set_employee_id_ctx(usernm);
end;
but as it seams like it is only working if the call is made from the after logon on database trigger...if that's the case after the next log on I have the needed information retrieved with select sys_context(...) from dual, but if that's not the case if I call that procedure from anywhere else it results with no_data_found.
Could someone please explain to me why is that???
Thx in advance :D
Ildiko
Sorry Frank, the message for Ildiko.
You found below context example
Login with user scott :
-- creation table dossiers
SQL> connect scott/tiger@oratest
Connected.
--creation de la table dossiers
CREATE TABLE DOSSIER(
NO_DOS NUMBER(6),
DT_DOS DATE,
TYPE_DOS VARCHAR2(50) CHECK (TYPE_DOS IN ('SECRET','NORMAL'))
--Insertions in table dossiers
SQL> insert into dossier values(1,trunc(sysdate),'SECRET');
1 row created.
SQL> insert into dossier values(2,trunc(sysdate),'SECRET');
1 row created.
SQL> insert into dossier values(3,trunc(sysdate),'SECRET');
1 row created.
SQL> insert into dossier values(4,trunc(sysdate),'NORMAL');
1 row created.
SQL> insert into dossier values(5,trunc(sysdate),'NORMAL');
1 row created.
SQL> commit;
Commit complete.
SQL> select * from dossier;
NO_DOS DT_DOS TYPE_DOS
1 22-MAY-07 SECRET
2 22-MAY-07 SECRET
3 22-MAY-07 SECRET
4 22-MAY-07 NORMAL
5 22-MAY-07 NORMAL
-- Logon with user sys :
-- Attribution grants
grant execute on dbms_rls to scott;
grant execute on dbms_session to scott;
grant ADMINISTER DATABASE TRIGGER to scott;
grant alter session to scott ;
--Logon with user system :
--Création et attribution rôles
Create role sec_employe ;
Create role sec_manager;
Grant select, update,insert, delete on scott.dossier to sec_employe ;
Grant select, update,insert, delete on scott.dossier to sec_manager;
Grant sec_manager to scott;
Grant create any context to scott;
grant create table to scott;
grant create procedure to scott;
-Logon with user scott :
-- Création context package
SQL> create or replace package pkg_dossier_context
2 is
3 procedure set_manager;
4 procedure set_employe;
5 end;
Package created.
SQL> create or replace package body pkg_dossier_context
2 as
3 procedure set_manager
4 is
5 begin
6 dbms_session.set_context('scott_dossier','app_role','manager');
7 end;
8 --
9 procedure set_employe
10 is
11 begin
12 dbms_session.set_context('scott_dossier','app_role','employe');
13 end;
14 end;
Package body created.
-- Création context
SQL> create or replace context scott_dossier using pkg_dossier_context;
Context created.
-- Création du package de sécurité
SQL> create or replace package pkg_dossier_sec
2 as
3 function dossier_predicate(schema_name in varchar2, object_name in varchar2)
4 return varchar2;
5 end;
Package created.
SQL> create or replace package body pkg_dossier_sec
2 as
3 function dossier_predicate(schema_name in varchar2,object_name in varchar2)
4 return varchar2
5 is
6 lv_predicate varchar2(1000):='';
7 begin
8 if sys_context('scott_dossier','app_role') = 'manager' then
9 lv_predicate:='type_dos=''SECRET'''; -- a le droit de voir uniquement
-- les dossiers de type SECRET
10 elsif sys_context('scott_dossier','app_role') = 'employe' then
11 lv_predicate:='type_dos=''NORMAL'''; -- a le droit de voir uniquement
--les dossiers de type NORMAL
12 else
13 lv_predicate:='1=2'; -- block access
14 end if;
15 return lv_predicate;
16 end;
17 end;
Package body created.
-- Add la policy (politique)
SQL> begin
2 dbms_rls.add_policy(
3 object_schema => 'SCOTT',
4 object_name => 'DOSSIER',
5 policy_name => 'SCOTT_DOSSIER_POLICY',
6 function_schema => 'SCOTT',
7 policy_function => 'pkg_dossier_sec.dossier_predicate',
8 statement_types => 'select, insert, update, delete',
9 update_check => TRUE,
10 enable => TRUE,
11 static_policy => FALSE);
12 end;
PL/SQL procedure successfully completed.
-- Création du trigger on logon
SQL> create or replace trigger scott_logon_trigger
2 after logon on database
3 declare
4 NB VARCHAR2(30) ;
5 begin
6 select granted_role
7 into nb
8 from dba_role_privs
9 where grantee='SCOTT' and granted_role='SEC_MANAGER' ;
10 pkg_dossier_context.set_manager;
11 exception
12 when no_data_found then
13 pkg_dossier_context.set_employe;
14 end;
Trigger created.
PL/SQL procedure successfully completed.
SQL> SELECT * FROM DOSSIER;
NO_DOS DT_DOS TYPE_DOS
1 22-MAY-07 SECRET
2 22-MAY-07 SECRET
3 22-MAY-07 SECRET
Explication :
Scott a le rôle sec_manager donc il a le droit de voir uniquement les dossiers de type SECRET,
une clause de restriction se rajoute à ma requête initiale,
elle devient :SELECT * FROM DOSSIERS WHERE type_dos='SECRET' ;
-- Connect with user system :
SQL> revoke sec_manager from scott;
Revoke succeeded.
SQL> grant sec_employe to scott;
Grant succeeded.
--Connect with user scott :
SQL> connect scott/tiger@oratest;
Connected.
SQL> select * from dossier;
NO_DOS DT_DOS TYPE_DOS
4 22-MAY-07 NORMAL
5 22-MAY-07 NORMAL
--Pour enlever le policy
SQL> begin
2 dbms_rls.drop_policy(
3 object_schema => 'SCOTT',
4 object_name => 'DOSSIER',
5 policy_name => 'SCOTT_DOSSIER_POLICY');
6 end;
PL/SQL procedure successfully completed.
SQL> select * from dossier;
NO_DOS DT_DOS TYPE_DOS
1 22-MAY-07 SECRET
2 22-MAY-07 SECRET
3 22-MAY-07 SECRET
4 22-MAY-07 NORMAL
5 22-MAY-07 NORMALEdited by: Salim Chelabi on 2008-12-16 10:54
Edited by: Salim Chelabi on 2008-12-16 11:26
Similar Messages
-
Insufficient privileges using execute immediate in after logon trigger
I have an after logon trigger that executes a package/procedure in the schema it was created in.
One of the procedures runs the following:
EXECUTE IMMEDIATE 'AUDIT INSERT TABLE, UPDATE TABLE, DELETE TABLE, EXECUTE PROCEDURE BY ' || USER;
The procedure is throwing an insufficient privileges error when executing this.
However - the schema owner has audit any and audit system privileges and - the statement works fine independently.
When I login as another user this issue arises. The package/procedure are created with definers rights... So - i'm not sure why this is happenening.
Any help is appreciated.privileges acquired via ROLE do NOT apply within named PL/SQL procedures.
SQL> SET ROLE NONE
SQL> --issue AUDIT again now -
Closing DBA session in AFTER LOGON trigger
Hello *,
this is my first question here and my first piece of code in oracle so please don't laugh ;-)
I'm trying to create an AFTER LOGON trigger which disconnects a user if he/she tries to log in from an incorrect host.
What should happen?
User tries to connect.
If he/she is permitted, a record is added to a table.
If not, a record is added to another table and the user is disconnected using RAISE_APPLICATION_ERROR().
After a number of issues I've got it working, except ... I have the feeling that RAISE_APPLICATION_ERROR() doesn't effect users with DBA privileges.
Finally, I'm testing it with one ordinary user - DEF.
The main idea is to disallow connections from user ABC which has DBA privileges.
Tests using DEF are successful but when ABC tries to log in from an incorrect host, a record is added in pcbaudit_failed_logins but the user is not disconnected.
The database is 9.2.0.8.0 and I'm prepared to post RDA report if it is required.
Thank you for your help in advance - I hope I was kind enough :P
Here's the code for the trigger:
DROP TABLE pcbaudit_users;
CREATE TABLE pcbaudit_users (username VARCHAR2(32) NOT NULL, host VARCHAR2(64) NOT NULL);
CREATE INDEX idx_pcbaudit_users_username ON pcbaudit_users(username);
CREATE INDEX idx_pcbaudit_users_host ON pcbaudit_users(host);
DROP TABLE pcbaudit_logins;
CREATE TABLE pcbaudit_logins (username VARCHAR2(32), ip_address VARCHAR2(15), host VARCHAR2(64), ts DATE);
DROP TABLE pcbaudit_failed_logins;
CREATE TABLE pcbaudit_failed_logins (username VARCHAR2(32), ip_address VARCHAR2(15), host VARCHAR2(64), ts DATE);
CREATE OR REPLACE PUBLIC SYNONYM pcbaudit_users FOR sys.pcbaudit_users;
CREATE OR REPLACE PUBLIC SYNONYM pcbaudit_logins FOR sys.pcbaudit_logins;
CREATE OR REPLACE PUBLIC SYNONYM pcbaudit_failed_logins FOR sys.pcbaudit_failed_logins;
GRANT SELECT ON sys.pcbaudit_users TO public;
GRANT INSERT ON sys.pcbaudit_logins TO public;
GRANT INSERT ON sys.pcbaudit_failed_logins TO public;
INSERT INTO pcbaudit_users VALUES ('SYS', '%');
INSERT INTO pcbaudit_users VALUES ('SYSTEM', '%');
INSERT INTO pcbaudit_users VALUES ('ABC', '%');
INSERT INTO pcbaudit_users VALUES ('DEF', '%');
COMMIT;
CREATE OR REPLACE
TRIGGER logon_pcbaudit_trigger AFTER LOGON ON DATABASE
DECLARE
v_username VARCHAR2(32); /* variable that will hold current username */
v_host VARCHAR2(4000); /* variable that will hold current host */
v_allowed NUMBER(1) := 0;
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
SELECT UPPER(USER), /* current user */
UPPER(SYS_CONTEXT('USERENV', 'HOST')) /* current user host */
INTO v_username,
v_host
FROM dual;
/* debug */
-- DBMS_OUTPUT.PUT_LINE(v_username || '@' || v_host);
SELECT 1
INTO v_allowed
FROM pcbaudit_users
WHERE UPPER(username) = v_username
AND (
UPPER(REPLACE(v_host, CHR(0), '')) LIKE UPPER(host) ESCAPE '!' /* fuck that shit! Something appends CHR(0) to its host... */
OR
v_host IS NULL /* fuck that shit! Some hosts are NULLs! */
/* write log (user has logged in!) */
INSERT
INTO pcbaudit_logins
(username, ip_address, host, ts)
VALUES
(v_username, SYS_CONTEXT('USERENV', 'IP_ADDRESS'), v_host, SYSDATE);
COMMIT;
EXCEPTION
WHEN NO_DATA_FOUND THEN /* occurs when no matches were found; i.e. current username is not permitted to login from the current host */
/* log the failed attempt */
INSERT
INTO pcbaudit_failed_logins
(username, ip_address, host, ts)
VALUES
(v_username, SYS_CONTEXT('USERENV', 'IP_ADDRESS'), v_host, SYSDATE);
COMMIT;
/* disconnect user */
RAISE_APPLICATION_ERROR(-20001, v_username || '@' || v_host || ' is not allowed to connect.');
WHEN OTHERS THEN
NULL; /* in this case, NULL is better than an error - if an error occurs, user will not be able to login. */
END;Thank you for your reply!
The situation is quite complicated.
I am aware that a user with DBA privileges can drop the trigger, modify it, etc.
There's an application on top of it and (i don't know why) it requires dba privileges. The point is, there are developers with access to the production database and my task is to stop them from logging in with this username.
Since I'm creating a trigger, I've obviously have no other choice. I can't change the user's password because of number of reasons, I can't deny developers' IP addresses using sqlnet.ora because they need read-only access and so on.
I realize that this is not the way that things are being done (development cycle), but I have no other choice.
So, is there any other way? -
Hi,
I am using Release 11.2.0.3.0 of oracle.
I have created a trigger for restricting specific users(logging from specific program and having specific OSUSER) from loging into the database.
I created below trigger in SYS schema.
CREATE OR REPLACE TRIGGER t1
AFTER
LOGON
ON DATABASE
DECLARE
trg_program varchar2(4000);
trg_user varchar2(4000);
trg_osuser varchar2(4000);
v_killsession VARCHAR2(4000);
v_sid VARCHAR2(4000);
v_serial VARCHAR2(4000);
BEGIN
SELECT UPPER (program), UPPER (USERNAME), UPPER (OSUSER),SID,serial#
INTO trg_program, trg_user, trg_osuser,v_sid,v_serial
FROM v$session
WHERE audsid = SYS_CONTEXT ('USERENV', 'SESSIONID') AND ROWNUM = 1;
IF trg_program IN ('SQLPLUS.EXE','SQLPLUSW.EXE','TOAD.EXE')
AND trg_user in ('USER1','USER2')--,'SYS','SYSTEM')
--AND trg_osuser not in ('O12345')
THEN
raise_application_error(-20001,'You are not authorized to connect to this schema directly!!');
END IF;
END;
when i am logging into USER1 through sqlplus/toad it works fine, i am getting required message which is mentioned as 'raise application error'
but when i am compiling the trigger by uncommenting extra condition for OSUSER i.e trg_osuser not in ('O12345') in the trigger code, so that it wont affect the highly provileged user(i.e OSUSER O12345).During logging in to user USER1 i am getting below error
ERROR:
ORA-04045: errors during recompilation/revalidation of
XIGNCMN.RESTRICT_UNAUTH_ACCESS
ORA-01031: insufficient privileges
it should alow me to login because i am OSUSER 'O12345', so why its not working?Thanks John.
Actually currently we are having database server installed in each of the developers machine so having DBA privilege and having business data, thats why i am planning to configure common database to which all will connect and i wont allow them to connect to the database directly through the functional schema(2 schemas). Now i am planning to restrict the developers access to only 'SELECT+DMLS' for the functional schema and i will do that by creating another user through which they will get connected to the actual functional schema with restricted privilege.
But here the issue is that, for JAVA application, they are having local source code in each of their machine and will also need the connection string/password for the functional schema, so they will know the password for the functional schema, but i want to restrict their access through all the program except 'Jdbc thin client' so i thought of above trigger.
kindly suggest if any other way out? -
Trace users by after logon trigger
Hi.
I have to trace some users application to find the source of problems.
Oracle8i Enterprise Edition Release 8.1.7.0.0
connect system/manager@testdb
create or replace trigger login_trigger
after logon on database
begin
if (USER in ('BLAKE','SCOTT')) then
execute immediate
'ALTER SESSION SET EVENTS ''10046 TRACE NAME CONTEXT FOREVER, LEVEL 12''';
end if;
end;
show error;
SQL> connect scott/tiger@testdb
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-01031: insufficient privileges
ORA-06512: at line 3
OK, I'll grant a priv.
SQL> connect system/manager@testdb
SQL> GRANT administer DATABASE TRIGGER TO "SCOTT";
SQL> connect scott/tiger@testdb
Connected.
Good, only *.trc file is empty after that and there is no trace information for analyse.
Could you please give me a solution?
Mikhailcan't find any *.trc & alert files relevant current time 20080329:20.34
only this
29.03.2008 18:20 72 583 nmuALRT.LOG
25.03.2008 22:22 600 nmuARC0.TRC
but the last connection I've made
20080329:20.34
SQL> connect SCOTT/[email protected]
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-01031: insufficient privileges
ORA-06512: at line 3
this is the files
---nmuALRT.LOG---
Dump file C:\oracle\admin\nmu\bdump\nmuALRT.LOG
Sat Mar 22 17:58:46 2008
ORACLE V8.1.7.0.0 - Production vsnsta=0
vsnsql=e vsnxtr=3
Windows 2000 Version 5.1 Service Pack 2, CPU type 586
Starting up ORACLE RDBMS Version: 8.1.7.0.0.
System parameters with non-default values:
processes = 150
shared_pool_size = 52428800
large_pool_size = 614400
java_pool_size = 20971520
control_files = C:\oracle\oradata\nmu\control01.ctl, C:\oracle\oradata\nmu\control02.ctl, C:\oracle\oradata\nmu\control03.ctl
db_block_buffers = 19200
db_block_size = 8192
compatible = 8.1.0
log_buffer = 32768
log_checkpoint_interval = 10000
log_checkpoint_timeout = 1800
db_files = 1024
db_file_multiblock_read_count= 8
max_enabled_roles = 30
remote_login_passwordfile= EXCLUSIVE
global_names = TRUE
distributed_transactions = 500
instance_name = nmu
service_names = nmu
mts_dispatchers = (PROTOCOL=TCP)(PRE=oracle.aurora.server.SGiopServer)
open_links = 4
sort_area_size = 65536
sort_area_retained_size = 65536
db_name = nmu
open_cursors = 300
os_authent_prefix =
job_queue_processes = 0
job_queue_interval = 10
parallel_max_servers = 5
background_dump_dest = C:\oracle\admin\nmu\bdump
user_dump_dest = C:\oracle\admin\nmu\udump
max_dump_file_size = 10240
oracle_trace_collection_name=
Sat Mar 29 18:20:39 2008
Errors in file C:\oracle\admin\nmu\udump\ORA02288.TRC:
ORA-00604: error occurred at recursive SQL level 1
ORA-01031: insufficient privileges
ORA-06512: at line 3
---nmuARC0.TRC-----------------------------------------
Dump file C:\oracle\admin\nmu\bdump\nmuARC0.TRC
Tue Mar 25 22:22:38 2008
ORACLE V8.1.7.0.0 - Production vsnsta=0
vsnsql=e vsnxtr=3
Windows 2000 Version 5.1 Service Pack 2, CPU type 586
Oracle8i Enterprise Edition Release 8.1.7.0.0 - Production
With the Partitioning option
JServer Release 8.1.7.0.0 - Production
Windows 2000 Version 5.1 Service Pack 2, CPU type 586
Instance name: nmu
Redo thread mounted by this instance: 0 <none>
Oracle process number: 14
Windows thread id: 2592, image: ORACLE.EXE
*** SESSION ID:(11.1) 2008-03-25 22:22:38.428
*** 2008-03-25 22:22:38.428 -
Raise_application_error in after-logon-trigger
Hi,
I try to build a
after logon on database trigger,
this should execute some inserts into an audit-table, and if some conditions are not given, I want the user to be disconnected.
In this forum I found this thread with a trigger similar to my needs:
To prevent TOAD access
But RAISE_APPLICATION_ERROR in this trigger does not cancel the session and so the user stays connected to oracle. Now I am searching for a disconnect-statement!
WolframWolfram,
What we have here is
- a post without a 4 digit database version. Most questions have a version specific answer. The behavior you describe does not apply to all versions, and might even apply to SYSDBA connected users only. Is everyone connecting as SYSDBA?
- a post without a proper description of what the trigger does, and without a proper description of the business need. This is especially important as you seem to re-invent AUDIT CONNECT.
- a post from someone who already thinks he knows the answer.
Rest assured: there is no disconnect statement in PL/SQL
You would really need to come up with more details
- database version, 4 digits
- the actual trigger code
- what you are trying to accomplish in terms of business requirements
- why you can't use AUDIT
Sybrand Bakker
Senior Oracle DBA -
No Outgoing calls to outside after ASA5505 intallation
Hi,
I have a asterix PBX running my system and I upgraded my security with a cisco ASA 5505. Now all the extensions are working including the remote once. Everything elase like internet... other servers all working fine. Only problem is that when ever someone dials a landline number from an extension it does not go through.... seems like the firewall is blocking it but I cannot figure out why or how. All the NAT and Access list is fine. Although I have no idea how to accept the SIP PROXY IP through the firewall and I am guessing that might be the problem. There is no any other problem and I am 100% satisfied with the ASA5505 except this problem... Any help is appreciated..
Thanks
AmalResults
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
Thanks in advance -
Hi,
I created a trigger to avoid users to run commands outside the Forms/Reports environment, which means they must execute their commands using the Application servers (App1 and App2, machine column, in v$session).
I need to send them the message "YOU MUST RUN YOUR COMMANDS USING FORMS" when a user called TST01 is TRYING to connect to the database , running Forms outside App1 or App2 machines .
Here is the code:
CREATE OR REPLACE TRIGGER tr_lock_user_out_forms
AFTER LOGON ON DATABASE
DECLARE
v_user sys.v_$session.username%TYPE;
v_mac sys.v_$session.machine%TYPE;
BEGIN
SELECT username, machine
INTO v_user, v_mac
FROM sys.v_$session
WHERE audsid = USERENV('SESSIONID')
AND audsid != 0
AND ROWNUM = 1;
EXCEPTION WHEN NO_DATA_FOUND THEN NULL;
IF (UPPER(v_user) = 'TST01') THEN
BEGIN
IF LOWER(v_mac) NOT IN ('app1', 'app2')
THEN
RAISE_APPLICATION_ERROR(-20000, 'YOU MUST RUN YOUR COMMANDS USING FORMS');
END IF;
END;
END IF;
END;
SHOW ERRORS
It's allowing user TST01 to connect to the db. Do you guys have any idea ?
Thanks in advance.Thanks for the replies,
Naresh , the idea is to avoid users to connect to the DB without using Oracle Forms, and the message that the user would receive could be "PLEASE, CONNECT TO THE DATABASE USING FORMS ON AAP1 OR APP2" (sorry if the message I wrote before was unclear).
So, the users could not even connect to the DB if they are not login using Forms. Your idea is good but we have 3.000 tables for this user to access, and as after update cannot be used in schema or database levels, I think it won't worth using this event.
I'm trying other code but if any of you guys have another idea to correct the code below it'd be nice.
Thkx in advance. -
Calling of Stored Procedure in After Insert Trigger
Can I call a Stored Procedure in After Insert Trigger ?
Please send a sample code (good example) of After Insert Trigger.
Thanks.Kishore,
I have two table WLCS_ORDER, WLCS_ORDER_LINE
WLCS_ORDER - It holds order header information like
ORDER_ID
CUSTOMER_ID
TRANSACTION_ID
STATUS
ORDER_DATE
SHIPPING_METHOD
SHIPPING_AMOUNT
SHIPPING_CURRENCY
PRICE_AMOUNT
PRICE_CURRENCY
SHIPPING_GEOCODE
SHIPPING_STREET1
SHIPPING_STREET2
SHIPPING_CITY
SHIPPING_STATE
SHIPPING_COUNTRY
SHIPPING_POBOX
SHIPPING_COUNTY
SHIPPING_POSTAL_CODE
SHIPPING_POSTAL_CODE_TYPE
SPECIAL_INSTRUCTIONS
SPLITTING_PREFERENCE
ORDER_SUBTOTAL
WLCS_ORDER_LINE - It holds all order lines information like
ORDER_LINE_ID
QUANTITY
PRODUCT_ID
TAX_AMOUNT
TAX_CURRENCY
SHIPPING_AMOUNT
SHIPPING_CURRENCY
UNIT_PRICE_AMOUNT
UNIT_PRICE_CURRENCY
MSRP_AMOUNT
MSRP_CURRENCY
DESCRIPTION
ORDER_ID
TOTAL_LINE_AMOUNT
Relation between WLCS_ORDER, WLCS_ORDER_LINE is one to many.
For each WLCS_ORDER row, one or more order lines will insert into WLCS_ORDER_LINE table.
For each new row in WLCS_ORDER table, I have to update the following columns in both the tables with my maths.
WLCS_ORDER
shipping_amount
price_amount
order_subtotal
WLCS_ORDER_LINE
shipping_amount
I thought I can do this in after insert trigger, But if it is not possible, Please give the best way to fulfill this requirement.
I appreciate your help.
Have a great day.
Srinivas -
After Logon on Database Trigger Not Working From Client Terminal
Hi Every One
I Have a Problem, I'am Using Oracle 10g R2, I'd Written After Logon on Database Trigger, I'd Written The Trigger Under The Under The User With DBA Privileges, and it is work Fine, but it is work only when i Logon On The Database from The Server Terminal with any user, and If Logon From any Other Terminal It Is Not Work,
Can any One Know The Reason, Please Help me
Yasser MokhtarPlease post the trigger code.
-
Calling java host command in trigger/PLSQL
I created a java call to execute a linux host command that calls a shell script that will echo out a result. It is owned by SYS and has granted execute to SYSTEM. SYSTEM has a table that monitors accesses to the RDBMS. When a user logs on from a remote server vis sqlplus, this LOGON trigger write to the SYSTEM table (successfully). SYSTEM has a trigger that runs a linux command to execute a shell script that pulls the actual IP address from the remote system. I can run this call from a PLSQL block (outside the trigger) and get a response back like "user:101.101.101.111" but when I have the same user log on, the trigger fires - no errors or exceptions yet no rows are returned. Is there some restriction in a trigger versus just a plsql block call? The java code used is what I found on (http://www.oracle-base.com/articles/8i/ ... mPLSQL.php) and it works perfectly OUTSIDE the trigger but nothing is returned in the trigger firing steps. Any idea?
rdbms: 11.1.0.7, Redhat 4
I know the code works because I can write the host command output to a file. Later in the trigger I can open the file and can read the data that should have been returned in the java host call.FYI - here is the code from your site that I used:
DROP JAVA SOURCE SYS."Host";
CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED SYS."Host" as import java.io.*;
public class Host {
public static void executeCommand(String command) {
try {
String[] finalCommand;
if (isWindows()) {
finalCommand = new String[4];
// Use the appropriate path for your windows version.
finalCommand[0] = "C:\\windows\\system32\\cmd.exe"; // Windows XP/2003
//finalCommand[0] = "C:\\winnt\\system32\\cmd.exe"; // Windows NT/2000
finalCommand[1] = "/y";
finalCommand[2] = "/c";
finalCommand[3] = command;
else {
finalCommand = new String[3];
finalCommand[0] = "/bin/sh";
finalCommand[1] = "-c";
finalCommand[2] = command;
final Process pr = Runtime.getRuntime().exec(finalCommand);
pr.waitFor();
new Thread(new Runnable(){
public void run() {
BufferedReader br_in = null;
try {
br_in = new BufferedReader(new InputStreamReader(pr.getInputStream()));
String buff = null;
while ((buff = br_in.readLine()) != null) {
System.out.println("Cmd results: " + buff);
try {Thread.sleep(100); } catch(Exception e) {}
br_in.close();
catch (IOException ioe) {
System.out.println("Exception caught printing process output.");
ioe.printStackTrace();
finally {
try {
br_in.close();
} catch (Exception ex) {}
}).start();
new Thread(new Runnable(){
public void run() {
BufferedReader br_err = null;
try {
br_err = new BufferedReader(new InputStreamReader(pr.getErrorStream()));
String buff = null;
while ((buff = br_err.readLine()) != null) {
System.out.println("Cmd Error: " + buff);
try {Thread.sleep(100); } catch(Exception e) {}
br_err.close();
catch (IOException ioe) {
System.out.println("Exception caught printing process error.");
ioe.printStackTrace();
finally {
try {
br_err.close();
} catch (Exception ex) {}
}).start();
catch (Exception ex) {
System.out.println(ex.getLocalizedMessage());
public static boolean isWindows() {
if (System.getProperty("os.name").toLowerCase().indexOf("windows") != -1)
return true;
else
return false;
/ -
AUTHENICATE SSO RAD INFO IN LOGON TRIGGER IN 10G FORM?
I've been trying to add a LOGON Trigger to my Oracle 10g Form to check my RADs after logging into SSO.
I'm having a problem setting up multiple Config's for multiple RADs. I have about 7different applications that I would like to log into but would like to log into the SSO just once. But for some reason each application is asking for a SSO log in.Hi!
This is a webutil-restriction.
You cannot use webutil in triggers that fires before the form has complete focus.
Like pre-form, when-new-form-instance and on-logon triggers.
In a when-new-form-instance trigger create a timer, let's say 200 millisconds long.
In a when-timer-expired trigger you can call webutil.
May you put your configuration-file on the server and use d2kwut !
Regards. -
Exporting LOGON trigger with per schema filtering
I am using the datapump on 10.2g (on linux) to export three schemas. I am using the "SCHEMA" option in the dbms_datapump.open() procedure and then using the metadata_filter with the SCHEMA_EXPR option to limit down to my three schema. I also do some data filtering after that. Works great, except...
I found that we have one LOGON trigger which is NOT getting exported. The trigger IS owned by one of the schemas i am exporting. But, I think that because this is a "system event trigger", rather than a table based trigger, it will not export using the SCHEMA export mode. True ?
I tried switching to the FULL export mode, but then I can not find a way to limit the export to the three schemas.
All the exporting/importing is being done as system, so I don't think this is a priveledge issue.
Ideas? How to datapump specific schemas and also get the system event triggers owned by those schemas ?
Thanks very much for your help.
Bill ClerySure. Here is the trigger that is NOT exporting as part of the Schema export. We have a Schema called ReportView. In that schema are many views, one table, one package, and one trigger (below). Everything except the trigger is getting exported and then imported.
CREATE OR REPLACE TRIGGER reportview.startsess AFTER LOGON ON reportview.SCHEMA
BEGIN
reportview.reportapi.AutoLoadPIT();
END startsess;
The initiation of the export was done like this
PumpHandle := dbms_datapump.open('EXPORT','SCHEMA',NULL, JobName,'LATEST');
dbms_datapump.set_parallel(PumpHandle, 1);
dbms_datapump.metadata_filter(PumpHandle, 'SCHEMA_EXPR', 'IN (''ERIKSYSCORE'',''RBSAPPCORE'',''REPORTVIEW'')');
dbms_datapump.add_file(...)
dbms_datapump.data_filter(...)
dbms_datapump.data_filter(...)
dbms_datapump.start_job(PumpHandle);
dbms_datapump.detach(PumpHandle);
I tried swtiching to the "FULL" method and using the NAME_EXPR to filter down to the same schemas, but could not get this working.
PumpHandle := dbms_datapump.open('EXPORT','FULL',NULL, JobName,'LATEST');
dbms_datapump.set_parallel(PumpHandle, 1);
dbms_datapump.metadata_filter(PumpHandle, 'NAME_EXPR', ???? ); -
Logon trigger not working over DB-Link?
Hi all,
I have a serious question about accessing tables over a database link.
I have three schema:
DATA@SOURCE
INTERFACE@SOURCE
WORK@TARGET
Schema DATA has one table called T1
The INTERFACE schema has select privileges on all tables from DATA. Furthermore schema INTERFACE has a logon trigger to change the "current schema" to DATA:
CREATE OR REPLACE TRIGGER TRG_A_LOGIN_SET_SCHEMA AFTER LOGON
ON INTERFACE.SCHEMA
BEGIN
execute immediate 'ALTER SESSION SET CURRENT_SCHEMA = DATA';
END;
The WORK schema has a database link to the INTERFACE schema called INT_DB_LINK.
I am now logged into schema WORK on the TARGET database and I am executing following statement:
select a from T1@INT_DB_LINK
-> it's working
Next I execute
declare
cursor c is
select a
from T1@INT_DB_LINK
where rownum<2;
begin
for r in c loop
null;
end loop;
end;
This is not working. Error message is ORA-000942: table or view does not exist.
But why?
Can anyone help me?
Thanks in advance
PyHi all,
after a long, very long search I found what caused this strange behaviour.
The ORA- Error was not raised by the SQL-Execution-Engine but by the SQL-Parser/SQL-Validation.
As the second statement is an anonymous SQL block the Oracle Parser checks all objects dependencies before execution.
This means a connection is established from TARGET to SOURCE checking if table T1 is available. The strange thing is
that on this connection the "ALTER SESSION" trigger is not fired. So the parser does not find object T1 in schema INTERFACE.
If I create an empty table T1 in INTERFACE the anonymous block gets parsed/validated and the statement is executed. But this
time the block does a normal "connect session" and the trigger is fired. This means the statements accesses the T1 table in
schema DATA. (But T1 in INTERFACE has to be existent that parse/validation works)
I don't know if this is a bug or a feature.
To workaround this I have created private synonyms in schema INTERFACE pointing to the objects in DATA.
Thanks for your help!
Py
regarding the other qestion:
Yes, permissions are granted over a role. -
Using Database Change Notification instead of After Insert Trigger
Hello guys! I have an after insert trigger that calls a procedure, which in turn is doing an update or insert on another table. Due to mutating table errors I declared the trigger and procedure as autonomously transactional. The problem is, that old values of my main tables are inserted into the subtable since the after insert/update trigger is fired before the commit.
My question is how can I solve that and how could I use the change notification package to call my procedure? I now that this notification is only started after a DML/DDL action has been commited on a table.
If you could show me how to carry out the following code with a Database Change Notification I'd be delighted. Furthermore I need to know if it suffices to set up this notification only once or for each client seperately?
Many thanks for your help and expertise!
Regards,
Sebastian
declare
cnumber number (6);
begin
select count(*) into cnumber from (
select case when (select date_datum
from
(select f.date_datum,
row_number() over (order by f.objectid desc) rn
from borki.fangzahlen f
where lng_falle = :new.lng_falle
and int_fallennummer = :new.int_fallennummer
and lng_schaedling = :new.lng_schaedling
and date_datum > '31.03.2010'
where rn=1) < (select date_datum
from
(select f.date_datum,
row_number() over (order by f.objectid desc) rn
from borki.fangzahlen f
where lng_falle = :new.lng_falle
and int_fallennummer = :new.int_fallennummer
and lng_schaedling = :new.lng_schaedling
and date_datum > '31.03.2010'
where rn=2) then 1 end as action from borki.fangzahlen
where lng_falle = :new.lng_falle
and int_fallennummer = :new.int_fallennummer
and lng_schaedling = :new.lng_schaedling
and date_datum > '31.03.2010') where action = 1;
if cnumber != 0 then
delete from borki.tbl_test where lng_falle = :new.lng_falle
and int_fallennummer = :new.int_fallennummer
and lng_schaedling = :new.lng_schaedling
and date_datum > '31.03.2010';
commit;
pr_fangzahlen_tw_sync_sk(:new.lng_falle, :new.int_fallennummer, :new.lng_schaedling);It looks like you have an error in line 37 of your code. Once you fix that the problem should be resolved.
Maybe you are looking for
-
IPod no longer recognises files
Ok, I originally used this computer with iTunes to initially sync my music and videos to my new iPod touch 2nd gen when I bought it in December, while my computer was being repaired. When my computer was repaired, I transferred the music from this co
-
Duplicate address Book entries on iPod
Hi, I posted this on the iSync and iPod forums and haven't gotten a response so I thought I'd post it here. So sorry for the extra posting but sometimes its difficult to know which fourm can be the best. Hi, Hope someone can tell me what I need to do
-
Error when Time field is left empty
Hi: Does anyone know the exact reason for the following error? When I leave the input field of type Time empty I get the below error. It seems to orginate when the time field is being set internally by web dynpro. Thanks for your help. java.lang.Inde
-
Dear all, What I need is a client (browser) site validation of values for a time recording system. The format should be as <hh24><Delimiter>(.(or),) 1/4 hours as decimal value (e.g. 15 minutes = 0.25). So as a result valid entrys should be. 00.00 as
-
Hey everyone. I'm trying to read a few rather large PDFs on my iPhone using FileMagnet, but after I get past page 6 or 7, FileMagnet informs me that there isn't enough memory to load the rest of the file. What can I do to view this, and other large P