Logon-Trigger, TOO_MANY_ROWS exception
Hi,
for a NLS check there is a need for a logon trigger which is implemented for half a year. It works fine but very seldom the following select throws a TOO_MANY_ROWS exception:
SELECT *
FROM v$session
WHERE audsid = USERENV('SESSIONID')
I can state that this happens only for a user who is connected to the database by a virtual machine. Don´t know how I can fix it ... How can I reduce the number of rows to a level that I only get one row ...?!
Any ideas or hints for me?
Thanks in advance,
Michael
Hi,
following statement is the nls-check.
SELECT n.VALUE
FROM nls_session_parameters n
WHERE n.parameter = 'NLS_TERRITORY'
If another Territory occurs than supposed I will write a mail to get to know on which seat and for which user I have to change the setting.
For the mail I need to know which user, session, machine, etc. ..
With regards,
Michael
Similar Messages
-
Sql server 2012 Logon trigger not working for certain logins
Hello. I created a login trigger to insert data for each login in a table, and it works for all logins except one that is format domain\login
and the login ends with the dollar sign(actual name is domain\CTXDEVDCSI1$).
I had been using varchar, but after reading other forum posts, I changed the varchar's to nvarchar's, but it still fails for that id.
The errors written to the sql server error log were the usual "login failed due to trigger execution".
I had granted insert on the rvvlogindata table in dsa to public, and only one id wasn't able to login after that.
Any suggestions would be much appreciated!
Here's the modified table ddl:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE TABLE [dbo].[rvvlogindata](
[sessionId] [int] NULL,
[LoginTime] [datetime] NULL,
[HostName] [nvarchar](50) NULL,
[ProgramName] [nvarchar](300) NULL,
[LoginName] [nvarchar](50) NULL,
[ClientHost] [nvarchar](50) NULL
) ON [PRIMARY]
GO
Here's the logon trigger code:
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
create trigger [LOGIN_IP_RESTRICTION] on all server for logon
as
Begin
Declare @LogonTriggerData xml,
@EventTime datetime,
@LoginName nvarchar(50),
@ClientHost nvarchar(50),
@HostName nvarchar(50),
@AppName nvarchar(300)
Set @LogonTriggerData = eventdata()
set @EventTime = @LogonTriggerData.value('(/EVENT_INSTANCE/PostTime)[1]', 'datetime')
set @LoginName = @LogonTriggerData.value('(/EVENT_INSTANCE/LoginName)[1]', 'varchar(50)')
set @ClientHost = @LogonTriggerData.value('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(50)')
set @HostName = HOST_NAME()
set @AppName = APP_NAME()
insert into dsa.dbo.rvvlogindata
sessionId,
LoginTime,
HostName,
ProgramName,
LoginName,
ClientHost
select @@spid,
@EventTime,
convert(nvarchar(50),@HostName),
convert(nvarchar(300),@AppName),
convert(nvarchar(50),@LoginName),
convert(nvarchar(50),@ClientHost)
END
GO
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO
ENABLE TRIGGER [LOGIN_IP_RESTRICTION] ON ALL SERVER
GOErland, I wanted to add more info to my reply earlier today.
sp_who2 showed no blocking, activity monitor from my local PC SSMS showed no major waits or high i/o or cpu activity.
I was wondering if you have any suggestions on how to find out what was the cause of the 5+ minute wait for SSMS on the remote desktop to respond and fully come up.
I definitely can't put this in production with this hanging delay possibly occurring there.
I was connecting as read_user when it hung.
sp_who2 output at the time was:
1 BACKGROUND sa . . NULL LOG WRITER 54631 0 04/10
06:59:43
1 0
2 BACKGROUND sa . . NULL RECOVERY WRITER 8673 0 04/10 06:59:43
2 0
3 BACKGROUND sa . . NULL LAZY WRITER 300691 0 04/10
06:59:43
3 0
4 BACKGROUND sa . . NULL RESOURCE MONITOR 1207010 0 04/10 06:59:43
4 0
5 BACKGROUND sa . . NULL XE TIMER 38828 0 04/10
06:59:43
5 0
6 BACKGROUND sa . . NULL XE DISPATCHER 1404 0 04/10
06:59:43
6 0
7 BACKGROUND sa . . master SIGNAL HANDLER 0 0 04/10 06:59:43
7 0
8 BACKGROUND sa . . NULL LOCK MONITOR 179978 0 04/10
06:59:43
8 0
9 sleeping sa . . master TASK MANAGER 0 11 04/21
08:37:04
9 0
10 sleeping sa . . master TASK MANAGER 0 0 04/10
06:59:44
10 0
11 BACKGROUND sa . . master TRACE QUEUE TASK 546 0 04/10 06:59:44
11 0
12 BACKGROUND sa . . NULL SYSTEM_HEALTH_MO 4930 0 04/10 06:59:44
12 0
13 BACKGROUND sa . . NULL RECEIVE 422 0 04/10
06:59:45
13 0
14 BACKGROUND sa . . master CHECKPOINT 79137 31811 04/10
06:59:46
14 0
15 BACKGROUND sa . . master TASK MANAGER 1606 0 04/10
06:59:46
15 0
16 BACKGROUND sa . . NULL UNKNOWN TOKEN 0 0 04/10 06:59:46
16 0
17 sleeping sa . . master TASK MANAGER 0 74 04/21
08:37:04
17 0
18 sleeping sa . . master TASK MANAGER 0 0 04/21
08:18:49
18 0
19 sleeping sa . . master TASK MANAGER 0 0 04/21
08:30:29
19 0
20 sleeping sa . . master TASK MANAGER 0 1 04/21
08:37:14
20 0
21 sleeping sa . . master TASK MANAGER 0 7 04/21
08:30:59
21 0
22 sleeping sa . . master TASK MANAGER 16 4 04/21
08:37:44
22 0
23 sleeping sa . . master TASK MANAGER 0 15 04/21
08:39:24
23 0
25 BACKGROUND sa . . master BRKR EVENT HNDLR 0 95 04/10 06:59:48
25 0
30 BACKGROUND sa . . master BRKR TASK 0 0 04/10
06:59:48
30 0
31 BACKGROUND sa . . master BRKR TASK 16926 0 04/10
06:59:48
31 0
32 BACKGROUND sa . . master BRKR TASK 0 0 04/10
06:59:48
32 0
34 BACKGROUND sa . . master BRKR TASK 10701 0 04/10
06:59:48
34 0
51 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
03:16:56
51 0
52 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
52 0
53 sleeping NT AUTHORITY\SYSTEM SQLDEV2012 . msdb AWAITING COMMAND 0 0 04/10
06:59:58 SQLAgent - Email Logger 53 0
54 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:51 Citrix:Broker#1 54 0
55 sleeping edit_user ASDEV1 . dsa AWAITING
COMMAND 0 0 04/21 08:55:27 jTDS
55 0
56 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
56 0
57 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
57 0
58 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
58 0
59 sleeping NT AUTHORITY\SYSTEM SQLDEV2012 . msdb AWAITING COMMAND 124 242 04/10
06:59:59 SQLAgent - Generic Refresher 59 0
60 sleeping NT AUTHORITY\SYSTEM SQLDEV2012 . msdb AWAITING COMMAND 2790 1160 04/21
08:55:00 SQLAgent - Job invocation engine 60 0
61 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
61 0
62 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
62 0
63 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
63 0
64 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
64 0
65 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
65 0
66 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
03:16:56
66 0
67 sleeping reports_adm REPORTSDEVSI2 . JBOSS_Cluster_CRServer2011 AWAITING COMMAND 0 0 04/21
08:52:12 jTDS
67 0
68 sleeping edit_user DCMA10685 . dsa AWAITING COMMAND 0 0 04/21
08:56:47 jTDS
68 0
69 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:49 Citrix:Configuration 69 0
70 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 1794 7120 04/21
08:51:37 Microsoft SQL Server Management Studio 70 0
71 sleeping xsp_user XSPDEVSI2 . xspv5 AWAITING COMMAND 0 0 04/21
08:58:52 .Net SqlClient Data Provider 71 0
72 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:56:01 Citrix:Monitor 72 0
73 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:30 Citrix:Monitor 73 0
74 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 16 2 04/21
08:53:37 Microsoft SQL Server Management Studio - Query 74 0
75 sleeping rvanveen DCMA8460 . loginaudit AWAITING COMMAND 0 22 04/21
08:50:29 Microsoft SQL Server Management Studio - Query 75 0
76 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:07
76 0
77 sleeping adm_jbossportal ASDEV1 . jbossportal AWAITING
COMMAND 0 0 04/21 08:40:27 jTDS
77 0
78 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 110 542 04/21
08:46:17 Microsoft SQL Server Management Studio - Query 78 0
79 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:56
79 0
80 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:54 Citrix:MachineCreation 80 0
81 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
08:08:29
81 0
82 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:02:13
82 0
83 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:02:15
83 0
84 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:44 Citrix:Monitor 84 0
85 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:11:05
85 0
86 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:53 Citrix:AdIdentity 86 0
87 sleeping DAIWA_USA\admsql SQLDEV2012 . master AWAITING COMMAND 15 2 04/21
08:56:20 Microsoft SQL Server Management Studio - Query 87 0
88 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:36 Citrix:SiteServices 88 0
89 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:42 Citrix:Host 89 0
90 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:47 Citrix:ConfigurationLogging 90 0
91 RUNNABLE rvanveen DCMA8460 . master SELECT INTO
15 51 04/21 08:58:46 Microsoft SQL Server Management Studio - Query 91 0
92 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 63 30 04/21
08:52:34 Microsoft SQL Server Management Studio - Query 92 0
94 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:53 Citrix:DelegatedAdmin 94 0
95 sleeping DAIWA_USA\admsql SQLDEV2012 . loginaudit AWAITING COMMAND 173 27 04/21
08:56:10 Microsoft SQL Server Management Studio 95 0
96 sleeping xsp_user XSPDEVSI2 . xspv5 AWAITING COMMAND 0 0 04/21
08:58:33 .Net SqlClient Data Provider 96 0
97 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
08:10:07
97 0
98 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 31 38 04/21
08:00:31
98 0
99 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
08:10:12
99 0
100 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 282 04/21
08:10:14
100 0
101 sleeping DAIWA_USA\admsql SQLDEV2012 . master AWAITING COMMAND 0 8 04/21
08:56:50 Microsoft SQL Server Management Studio 101 0
102 sleeping DAIWA_USA\admsql SQLDEV2012 . master AWAITING COMMAND 31 0 04/21
08:54:57 Microsoft SQL Server Management Studio 102 0
103 sleeping read_user SQLDEV2012 . master AWAITING COMMAND 0 8 04/21
08:57:09 Microsoft SQL Server Management Studio 103 0
104 sleeping read_user SQLDEV2012 . dsa AWAITING COMMAND 0 0 04/21
08:57:09 Microsoft SQL Server Management Studio 104 0
105 sleeping rvanveen DCMA8460 . tempdb AWAITING COMMAND 8875 336 04/21
08:58:54 Microsoft SQL Server Management Studio 105 0
106 sleeping read_user SQLDEV2012 . master AWAITING COMMAND 16 0 04/21
08:57:39 Microsoft SQL Server Management Studio 106 0
107 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:47 Citrix:EnvTest 107 0
108 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 2200 8514 04/21
08:00:31
108 0
109 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:56
109 0
110 sleeping rvanveen DCMA8460 . master AWAITING COMMAND 0 0 04/21
08:58:48 Microsoft SQL Server Management Studio 110 0
113 sleeping Citrix_adm CTXDEVSI1 . XenApp6 AWAITING COMMAND 284 777 04/21
08:51:33 Citrix IMA 113 0
119 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:42 Citrix:ConfigurationLoggingData 119 0
120 sleeping AMERICAS\CTXDEVDCSI1$ CTXDEVDCSI1 . CitrixXDFarm1 AWAITING COMMAND 0 0 04/21
08:58:26 Citrix:Storefront 120 0
125 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/16
13:55:16
125 0
126 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 16 0 04/16
11:25:30
126 0
131 sleeping echouliak DCMA10685 . master AWAITING COMMAND 139 8 04/14
15:26:55 Microsoft SQL Server Management Studio 131 0
135 sleeping echouliak DCMA10685 . dsa AWAITING COMMAND 0 0 04/14
15:24:52 Microsoft SQL Server Management Studio - Query 135 0
136 sleeping echouliak DCMA10685 . dsa AWAITING COMMAND 0 0 04/14
15:00:17 Microsoft SQL Server Management Studio - Query 136 0
140 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:56
140 0
145 sleeping edit_user INFADEVFS2 . dsa AWAITING COMMAND 0 0 04/21
07:05:56
145 0 -
The logon trigger written by me is nt returing either program or module from the V$session table. Here is my trigger
create or replace trigger PROGME
after logon on database
declare
v_SCHEMANAME varchar2(30);
t_program varchar2(64);
begin
v_SCHEMANAME := SYS_CONTEXT('USERENV','SESSION_USER');
sys_context(''userenv'',''SESSIONID'')' into t_program;
logon_proc;
select MODULE
into t_program
from v$session where username = (select
(sys_context('userenv','session_user')) from dual) and
audsid= (select(sys_context('userenv','sessionid')) from dual);
RAISE_APPLICATION_ERROR (-20000,SQLERRM || T_PROGRAM);
IF v_SCHEMANAME = 'REPADMIN' AND upper(t_PROGRAM) like '%TO%' THEN
RAISE_APPLICATION_ERROR (-20000,SQLERRM || T_PROGRAM);
END IF;
exception
when others then
RAISE_APPLICATION_ERROR (-20000,SQLERRM || v_PROGRAM);
end PROGME;
Thanks in advance
RaghuEven tried rewriting like this
create or replace trigger PROGME
after logon on database
declare
v_SCHEMANAME varchar2(30);
v_USERNAME varchar2(30);
v_PROGRAM varchar2(30);
v_SESSION NUMBER;
v_SERIALNO NUMBER;
V_ssql varchar2(100);
v_count number;
t_program varchar2(64);
begin
select program
into t_program
from v$session where username = (select
(sys_context('userenv','session_user')) from dual) and
audsid= (select(sys_context('userenv','sessionid')) from dual);
RAISE_APPLICATION_ERROR (-20000,SQLERRM || T_PROGRAM);
IF v_SCHEMANAME = 'REPADMIN' AND upper(t_PROGRAM) like '%TOAD%' THEN
RAISE_APPLICATION_ERROR (-20000,SQLERRM || T_PROGRAM);
END IF;
exception
when others then
RAISE_APPLICATION_ERROR (-20000,SQLERRM || v_PROGRAM);
end trg_no_TOAD_logon; -
Exporting LOGON trigger with per schema filtering
I am using the datapump on 10.2g (on linux) to export three schemas. I am using the "SCHEMA" option in the dbms_datapump.open() procedure and then using the metadata_filter with the SCHEMA_EXPR option to limit down to my three schema. I also do some data filtering after that. Works great, except...
I found that we have one LOGON trigger which is NOT getting exported. The trigger IS owned by one of the schemas i am exporting. But, I think that because this is a "system event trigger", rather than a table based trigger, it will not export using the SCHEMA export mode. True ?
I tried switching to the FULL export mode, but then I can not find a way to limit the export to the three schemas.
All the exporting/importing is being done as system, so I don't think this is a priveledge issue.
Ideas? How to datapump specific schemas and also get the system event triggers owned by those schemas ?
Thanks very much for your help.
Bill ClerySure. Here is the trigger that is NOT exporting as part of the Schema export. We have a Schema called ReportView. In that schema are many views, one table, one package, and one trigger (below). Everything except the trigger is getting exported and then imported.
CREATE OR REPLACE TRIGGER reportview.startsess AFTER LOGON ON reportview.SCHEMA
BEGIN
reportview.reportapi.AutoLoadPIT();
END startsess;
The initiation of the export was done like this
PumpHandle := dbms_datapump.open('EXPORT','SCHEMA',NULL, JobName,'LATEST');
dbms_datapump.set_parallel(PumpHandle, 1);
dbms_datapump.metadata_filter(PumpHandle, 'SCHEMA_EXPR', 'IN (''ERIKSYSCORE'',''RBSAPPCORE'',''REPORTVIEW'')');
dbms_datapump.add_file(...)
dbms_datapump.data_filter(...)
dbms_datapump.data_filter(...)
dbms_datapump.start_job(PumpHandle);
dbms_datapump.detach(PumpHandle);
I tried swtiching to the "FULL" method and using the NAME_EXPR to filter down to the same schemas, but could not get this working.
PumpHandle := dbms_datapump.open('EXPORT','FULL',NULL, JobName,'LATEST');
dbms_datapump.set_parallel(PumpHandle, 1);
dbms_datapump.metadata_filter(PumpHandle, 'NAME_EXPR', ???? ); -
Closing DBA session in AFTER LOGON trigger
Hello *,
this is my first question here and my first piece of code in oracle so please don't laugh ;-)
I'm trying to create an AFTER LOGON trigger which disconnects a user if he/she tries to log in from an incorrect host.
What should happen?
User tries to connect.
If he/she is permitted, a record is added to a table.
If not, a record is added to another table and the user is disconnected using RAISE_APPLICATION_ERROR().
After a number of issues I've got it working, except ... I have the feeling that RAISE_APPLICATION_ERROR() doesn't effect users with DBA privileges.
Finally, I'm testing it with one ordinary user - DEF.
The main idea is to disallow connections from user ABC which has DBA privileges.
Tests using DEF are successful but when ABC tries to log in from an incorrect host, a record is added in pcbaudit_failed_logins but the user is not disconnected.
The database is 9.2.0.8.0 and I'm prepared to post RDA report if it is required.
Thank you for your help in advance - I hope I was kind enough :P
Here's the code for the trigger:
DROP TABLE pcbaudit_users;
CREATE TABLE pcbaudit_users (username VARCHAR2(32) NOT NULL, host VARCHAR2(64) NOT NULL);
CREATE INDEX idx_pcbaudit_users_username ON pcbaudit_users(username);
CREATE INDEX idx_pcbaudit_users_host ON pcbaudit_users(host);
DROP TABLE pcbaudit_logins;
CREATE TABLE pcbaudit_logins (username VARCHAR2(32), ip_address VARCHAR2(15), host VARCHAR2(64), ts DATE);
DROP TABLE pcbaudit_failed_logins;
CREATE TABLE pcbaudit_failed_logins (username VARCHAR2(32), ip_address VARCHAR2(15), host VARCHAR2(64), ts DATE);
CREATE OR REPLACE PUBLIC SYNONYM pcbaudit_users FOR sys.pcbaudit_users;
CREATE OR REPLACE PUBLIC SYNONYM pcbaudit_logins FOR sys.pcbaudit_logins;
CREATE OR REPLACE PUBLIC SYNONYM pcbaudit_failed_logins FOR sys.pcbaudit_failed_logins;
GRANT SELECT ON sys.pcbaudit_users TO public;
GRANT INSERT ON sys.pcbaudit_logins TO public;
GRANT INSERT ON sys.pcbaudit_failed_logins TO public;
INSERT INTO pcbaudit_users VALUES ('SYS', '%');
INSERT INTO pcbaudit_users VALUES ('SYSTEM', '%');
INSERT INTO pcbaudit_users VALUES ('ABC', '%');
INSERT INTO pcbaudit_users VALUES ('DEF', '%');
COMMIT;
CREATE OR REPLACE
TRIGGER logon_pcbaudit_trigger AFTER LOGON ON DATABASE
DECLARE
v_username VARCHAR2(32); /* variable that will hold current username */
v_host VARCHAR2(4000); /* variable that will hold current host */
v_allowed NUMBER(1) := 0;
PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
SELECT UPPER(USER), /* current user */
UPPER(SYS_CONTEXT('USERENV', 'HOST')) /* current user host */
INTO v_username,
v_host
FROM dual;
/* debug */
-- DBMS_OUTPUT.PUT_LINE(v_username || '@' || v_host);
SELECT 1
INTO v_allowed
FROM pcbaudit_users
WHERE UPPER(username) = v_username
AND (
UPPER(REPLACE(v_host, CHR(0), '')) LIKE UPPER(host) ESCAPE '!' /* fuck that shit! Something appends CHR(0) to its host... */
OR
v_host IS NULL /* fuck that shit! Some hosts are NULLs! */
/* write log (user has logged in!) */
INSERT
INTO pcbaudit_logins
(username, ip_address, host, ts)
VALUES
(v_username, SYS_CONTEXT('USERENV', 'IP_ADDRESS'), v_host, SYSDATE);
COMMIT;
EXCEPTION
WHEN NO_DATA_FOUND THEN /* occurs when no matches were found; i.e. current username is not permitted to login from the current host */
/* log the failed attempt */
INSERT
INTO pcbaudit_failed_logins
(username, ip_address, host, ts)
VALUES
(v_username, SYS_CONTEXT('USERENV', 'IP_ADDRESS'), v_host, SYSDATE);
COMMIT;
/* disconnect user */
RAISE_APPLICATION_ERROR(-20001, v_username || '@' || v_host || ' is not allowed to connect.');
WHEN OTHERS THEN
NULL; /* in this case, NULL is better than an error - if an error occurs, user will not be able to login. */
END;Thank you for your reply!
The situation is quite complicated.
I am aware that a user with DBA privileges can drop the trigger, modify it, etc.
There's an application on top of it and (i don't know why) it requires dba privileges. The point is, there are developers with access to the production database and my task is to stop them from logging in with this username.
Since I'm creating a trigger, I've obviously have no other choice. I can't change the user's password because of number of reasons, I can't deny developers' IP addresses using sqlnet.ora because they need read-only access and so on.
I realize that this is not the way that things are being done (development cycle), but I have no other choice.
So, is there any other way? -
Insufficient privileges using execute immediate in after logon trigger
I have an after logon trigger that executes a package/procedure in the schema it was created in.
One of the procedures runs the following:
EXECUTE IMMEDIATE 'AUDIT INSERT TABLE, UPDATE TABLE, DELETE TABLE, EXECUTE PROCEDURE BY ' || USER;
The procedure is throwing an insufficient privileges error when executing this.
However - the schema owner has audit any and audit system privileges and - the statement works fine independently.
When I login as another user this issue arises. The package/procedure are created with definers rights... So - i'm not sure why this is happenening.
Any help is appreciated.privileges acquired via ROLE do NOT apply within named PL/SQL procedures.
SQL> SET ROLE NONE
SQL> --issue AUDIT again now -
Logon trigger setting nls_date_format over ridden by sql developer?
Problem: Developers are inserting a Date record into a varchar field. I can't change this process right now. Non-Date info is stored here also. Would require a code change.
To simplify this, I wanted to get all the developers to insert using the same 'nls_date_format'. I had hoped to be able to centralize this by having Oracle set it in the database. I tried this by setting the database nls_date_format and with a logon trigger.
See test below. Seems to be over ridden.
Test case is with SQL Developer. Noticed the same thing when developers use Websphere. I think we reduce the chance for errors, if I can handle this in the database. However, my nls_date_format settings are getting over ridden.
1. s et database parameter nls_date_format to YYYY-MM-DD HH24:MI:SS , this gets over riden by SQL Developer/Websphere
2. Created a trigger with an 'alter session', but this seems to get over ridden also.
Please see test case below:
Oracle 11.2.0.3
test logging: SQLPLUS locally on the unix server, then log in using SQL Developer which is installed on my laptop.
SQL Developer NLS_DATE_FORMAT : YYYY-MON-DD HH24:MI:SS , This is different for test purposes
I have auditing turned turned on to db,extended with 'audit all by 'user' by access;' for test purposes to get more info.
create table test (username varchar2(30),sid number,mytest varchar2(300),insert_date date);
create or replace
TRIGGER LOGINTRG
AFTER LOGON ON DATABASE
BEGIN
insert into test select user, sys_context('USERENV','SID') ,value,sysdate from v$parameter where name = 'nls_date_format';
EXECUTE IMMEDIATE 'ALTER SESSION SET NLS_DATE_FORMAT=''YYYY-MM-DD HH24:MI:SS''';
insert into test select user, sys_context('USERENV','SID') ,value,sysdate from v$parameter where name = 'nls_date_format';
commit;
END LOGINTRG;
/Results/Questions
1. When I select from 'test', I confirm that my NLS_DATE_FORMAT is the same both before and after the alter session.
2. select value from v$parameter where name = 'nls_date_format'
output: YYYY-MON-DD HH24:MI:SS (so sql developer is over riding this);
3. select * from dba_audit_trail where username = 'MYUSER' order by timestamp desc;
The SQLs from the logon trigger are not captured. how do I capture logon trigger sqls? Not a huge deal, just curious
4. I do not see any alter sessions issued by my user. shouldn't audit all by access capture that? how could my session nls_date_format change without an alter session?
Edited by: Guess2 on Apr 22, 2013 10:44 AM>
Problem: Developers are inserting a Date record into a varchar field.
>
No - they aren't. That is physically impossible. The only thing that can be stored in a 'varchar field' is a string. Oracle considers ANYTHING stored in a character column to be a string.
Date values are stored in DATE columns. Perhaps you meant that developers are converting DATE values to strings and then storing the string in a 'varchar field'?
>
I can't change this process right now. Non-Date info is stored here also.
>
WONDERFUL! Why use a column to stored just one type of data? That is extremely wasteful. Hopefully you store strings that represent numbers in that same column also? It makes the data model so much easier to understand if developers only need to learn one datatype.
>
Would require a code change.
>
The horror!
You should never, ever, EVER use a code change to fix a problem if there is even the slightest possibility that you can change the ENTIRE DATABASE instead.
I've got good news though. You are now on version Oracle 11.2.0.3 and Oracle, after months of protests by some of their largest clients, has finally dropped the exhorbitant license fees for using some of the more esoteric datatypes like DATE and NUMBER.
You should suggest to your manager that they use some of the license fee money saved to hire developers that already know how to design proper data models and use those new-fangled datatypes.
Trust me - once you've made it up that steep learning curve your code will have fewer of those pesky 'dirty data' issues to deal with.
Sure - it means less job security for your current developers. But sometimes you just have to 'take one for the team'! -
AUTHENICATE SSO RAD INFO IN LOGON TRIGGER IN 10G FORM?
I've been trying to add a LOGON Trigger to my Oracle 10g Form to check my RADs after logging into SSO.
I'm having a problem setting up multiple Config's for multiple RADs. I have about 7different applications that I would like to log into but would like to log into the SSO just once. But for some reason each application is asking for a SSO log in.Hi!
This is a webutil-restriction.
You cannot use webutil in triggers that fires before the form has complete focus.
Like pre-form, when-new-form-instance and on-logon triggers.
In a when-new-form-instance trigger create a timer, let's say 200 millisconds long.
In a when-timer-expired trigger you can call webutil.
May you put your configuration-file on the server and use d2kwut !
Regards. -
Logon trigger - restrict acces using Toad, SQLPLUS...
Oracle 10.2.0.4
I have users who use oracle form - ifweb90.exe.
I want to restrict them to access database using SQL Developer, TOAD or any other tools. I create logon trigger:
CREATE OR REPLACE TRIGGER block_users
AFTER LOGON ON DATABASE
begin
FOR REC IN (SELECT USERNAME,PROGRAM
FROM V$SESSION
WHERE AUDSID = USERENV('SESSIONID'))
LOOP
if rec.username like ('X%')
and
rec.program not like ('ifweb90.exe')
then
RAISE_APPLICATION_ERROR(-20001,'ERROR MESSAGE');
end if;
end loop;
END;
This solution don’t work if the program executable is renamed (this can’t be done with SQL Developer).
1. Is there any way to solve this?
2. Whether this trigger will use resources, whether this trigger will check all connection? What is the cost to pay in terms of performance?
Thanks in advance!
Edited by: user9106065 on Nov 9, 2010 3:17 AMThis solution don’t work if the program executable is renamed (this can’t be done with SQL Developer).
1. Is there any way to solve this?Better alternative would be to change your own program, set the client_application_info and check for that using logon trigger. Anything else, can then be thrown off.
2. Whether this trigger will use resources, whether this trigger will check all connection? What is the cost to pay in terms of performance?There would be negligible usage of resources.
But this trigger won't stop any connections from any tool which come in as SYSDBA. -
Populating OUT parameters when TOO_MANY_ROWS exception is thrown
When I was trying to write code to test out today's PL/SQL challenge quiz, the behavior appears to depend on the table being queried. I can't figure out what attribute of the table drives the behavior (or if there is a different explanation for the behavior).
The quiz is testing what happens when a procedure does a SELECT INTO an OUT parameter and a TOO_MANY_ROWS exception is thrown. The intent is to show that even though the behavior is technically undefined, what actually happens is that the OUT parameter is populated with the first row that is selected (obviously, you would never write code that depends on this behavior-- this is solely an academic exercise). The demonstration code works as expected
CREATE TABLE plch_emp ( emp_name VARCHAR2(100) );
INSERT INTO plch_emp VALUES ('Jones');
INSERT INTO plch_emp VALUES ('Smith');
COMMIT;
CREATE OR REPLACE PROCEDURE plch_get
(out_name OUT plch_emp.emp_name%TYPE) IS
BEGIN
SELECT emp_name
INTO out_name
FROM plch_emp
ORDER BY emp_name;
EXCEPTION
WHEN OTHERS THEN
dbms_output.put_line('A:' || out_name);
END;
What will be displayed after executing the following block:
DECLARE
l_name plch_emp.emp_name%TYPE;
BEGIN
plch_get(l_name);
dbms_output.put_line('B:' || l_name);
END;
/and outputs
A:Jones
B:JonesWhen I replicate the logic while hitting the EMP table, the PLCH_EMP table, and the newly created EMP2 table, however, I get different behavior for the EMP and EMP2 tables. The procedure that queries PLCH_EMP works as expected but the OUT parameter is NULL when either EMP or EMP2 are created. Any idea what causes the behavior to differ?
select *
from v$version;
create table emp2
as
select *
from emp;
create or replace procedure p1( p_out out varchar2 )
is
begin
select emp_name
into p_out
from plch_emp
order by emp_name;
exception
when others then
dbms_output.put_line( 'P1 A:' || p_out );
end;
create or replace procedure p2( p_out out varchar2 )
is
begin
select ename
into p_out
from emp
order by ename;
exception
when others then
dbms_output.put_line( 'P2 A:' || p_out );
end;
create or replace procedure p3( p_out out varchar2 )
is
begin
select ename
into p_out
from emp2
order by ename;
exception
when others then
dbms_output.put_line( 'P3 A:' || p_out );
end;
declare
l_ename varchar2(100);
begin
p1( l_ename );
dbms_output.put_line( 'P1 B:' || l_ename );
p2( l_ename );
dbms_output.put_line( 'P2 B:' || l_ename );
p3( l_ename );
dbms_output.put_line( 'P3 B:' || l_ename );
end;
SQL> select *
2 from v$version;
BANNER
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for 64-bit Windows: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
SQL>
SQL> create table emp2
2 as
3 select *
4 from emp;
Table created.
SQL>
SQL> create or replace procedure p1( p_out out varchar2 )
2 is
3 begin
4 select emp_name
5 into p_out
6 from plch_emp
7 order by emp_name;
8 exception
9 when others then
10 dbms_output.put_line( 'P1 A:' || p_out );
11 end;
12 /
Procedure created.
SQL>
SQL> create or replace procedure p2( p_out out varchar2 )
2 is
3 begin
4 select ename
5 into p_out
6 from emp
7 order by ename;
8 exception
9 when others then
10 dbms_output.put_line( 'P2 A:' || p_out );
11 end;
12 /
Procedure created.
SQL>
SQL> create or replace procedure p3( p_out out varchar2 )
2 is
3 begin
4 select ename
5 into p_out
6 from emp2
7 order by ename;
8 exception
9 when others then
10 dbms_output.put_line( 'P3 A:' || p_out );
11 end;
12 /
Procedure created.
SQL>
SQL> declare
2 l_ename varchar2(100);
3 begin
4 p1( l_ename );
5 dbms_output.put_line( 'P1 B:' || l_ename );
6
7 p2( l_ename );
8 dbms_output.put_line( 'P2 B:' || l_ename );
9
10 p3( l_ename );
11 dbms_output.put_line( 'P3 B:' || l_ename );
12
13 end;
14 /
P1 A:Jones
P1 B:Jones
P2 A:
P2 B:
P3 A:
P3 B:
PL/SQL procedure successfully completed.JustinBilly Verreynne wrote:
So we can then reasonably assume that the test or environment itself somehow interferes with the results? After all, the very same cursor is executed and the same PL/SQL engine uses that cursor interface.Clearly, there is something in my environment that is wonky. It just bugs me that I can't figure out what that variable is.
Your test was done as a single anonymous PL/SQL block. Which means each proc that was called referenced the same variable/memory - are there perhaps PL/SQL optimisation enabled for the database or session? Or any other settings that could influence the test? Have you tried calling the procedures directly from SQL*Plus using a bind var and not via an anon block and a local var in that block?I have. And the results were the same
SQL> var ename varchar2(100);
SQL> exec p1( :ename );
P1 A:Jones
PL/SQL procedure successfully completed.
SQL> exec p2( :ename );
P2 A:
PL/SQL procedure successfully completed.
SQL> exec p3( :ename );
P3 A:
PL/SQL procedure successfully completed.
As a sanity test - what happens when proc P3 for example is changed to a catersian join/union of emp2 and plch_emp? Do the test results change? Or you can change it as follows:
SQL> ed
Wrote file afiedt.buf
1 create or replace procedure p5( p_out out varchar2 )
2 is
3 begin
4 --// force a value into p_out using a successful fetch
5 select emp_name
6 into p_out
7 from plch_emp
8 where rownum = 1;
9 --// force an error and determine if p_out was overwritten
10 select ename
11 into p_out
12 from emp2
13 order by ename;
14 exception
15 when others then
16 dbms_output.put_line( 'P5:' || p_out );
17* end;
18 /
Procedure created.
SQL> exec p5( :ename );
P5:Jones
PL/SQL procedure successfully completed.
Of course, you can also put this one down to using an operating system like Windows as a poor database server and not as a magnificent client gaming platform... Well, sure. But you can probably only play World of Warcraft so long before you need to write some PL/SQL.
Justin -
Multiple logon trigger for a user
Hi,
can I create two (or more) distinct logon trigger for a user? If yes, this situation is "clean"? Both triggers are executed on logon time?If you don't know what the wrapped source does
and you don't care about the order
then
clean := false ;-)
You filter access, but what if the unknkown wrapped source logs database access in some table on a user before your trigger DENIES access for that user/program?
You would try to find out what the already existing trigger does (third party software?), if you really want to be clean. -
FRM-40735: ON-ERROR trigger unhandled exception ORA-06508
Guru,
Today we changed few customization in CUSTOM.pll and regenerated it , but we received the following error message after login to application irrespective of any responsiblity/form
FRM-40735: ON-ERROR trigger unhandled exception ORA-06508
So we reverted CUSTOM.pll change and recompiled successfuly. However we are still getting same error.
Kindly give us little light on it.
Regards,
RajuHi Raju,
In addition to Hussein's post, Can you check the following notes, since you have changed & reverted the custom.pll
- Cannot Log into Oracle Applictions after the Custom.pll has been Changed [ID 146038.1]
Best Regards, -
Autotrace with logon trigger?
Hi,
I've a view and the view is be reading by an external program.
How can i see how and how long do they communicate ?
Thanks in advance.
With best regards
NicoleHi:
If you have a testing environment (that is definitely a must have) and can modify sources the simplest way to activate trace is add a 'alter session set sql_trace=true' at the beginning of the application, then run it, and then evaluate results.
Using a logon trigger for the user the application is connecting to is another way to accomplish the same, useful when the application cannot be modified. This is an example of the same:
CREATE TRIGGER
schema_owner.logon_tg AFTER LOGON ON schema_owner.SCHEMA
BEGIN
EXECUTE IMMEDIATE 'alter session set sql_trace=true';
END;
This will produce a trace file containing all of the statements executed by the session:
Trace files go to USER_DUMP_DEST, and need to be parsed with TKPROF in order to produce readable output.
Also, check to have timed_statistics=true, so it will report timing in the trace files.
Try to produce trace files, and post if you need assistance in interpreting results.
ciao
Andrea -
Newbie question for LogOn trigger and Connection String
Hi,
I would like to set certain session variables in the logon trigger. Is there a connection string attribute or some other way to pass a string or some data to the session.
regards
StefanHi,
my concrete problem is that our application only uses one user. eg. appuser . During the login process of the application the "real" user name, language and other attributes are set in a packag as global variables.
This works fine, but as soon as a usr logs on the DB without our application login then these are ofcourse not filled. My idea was to maybe to be able to enhance the connection string and to be able to pass some more information to the logon trigger.
regards
Stefan -
Do we have ON-LOGON trigger in reports?
Hi Guys,
we use ON-LOGON trigger to connect our form to the required database in forms.
If we wanna run our report as a stand alone, how can we avoid that logon in screen, and how can in automatically logon to the required database. Is there any way to write such a trigger?
Regards,
Imran BaigHow are you running your reports?
What is reports version?
Maybe you are looking for
-
TOO many OPEN CURSORS during loop of INSERT's
Running ODP.NET beta2 (can't move up yet but will do that soon) I don't think it is related with ODP itself but probably on how .Net works with cursors. We have a for/next loop that executes INSERT INTO xxx VALUES (:a,:b,:c) statements. Apparently, w
-
Hi all, I just connected my iPhone to iTunes on the computer, and it prompted me to update my iOS. I did so, and it is now updated - however, I cannot connect to my 3G. (I can't connect to WiFi networks, either, but this has been a problem for a lon
-
I'm new to FCP. I captured 4 DV tapes and have not edited the file names yet. It looks like I have 4 tapes that were each added to a new bin. 3 of the tapes have a unique reel number (1,2,3) and one is a repeat. How can I change all the reel numbers
-
I have a Canon VIXIA, my computer chokes when editing the .mts files, so I do a quick conversion to .mpg which seems to be more manageable. But CS4 will often freeze up when editing these files. The computer is a notebook, 2 Ghz 2 Duo with 4 GB of ra
-
TS3274 The home button no longer functions on my iPAD
The home button no longer works on my iPad2. Any questions?