How to Prevent a User to Drop Own Objects

Posted by Gokhan Atil on Nov 10, 2008 |

An Oracle user is always granted to drop their own objects. To prevent a user to drop their own objects, we can use DDL triggers.

Here’s sample trigger which will prevent HR user to drop EMPLOYEES table:

CREATE OR REPLACE TRIGGER trigger_prevent_drop BEFORE DROP ON DATABASE
BEGIN
IF ora_dict_obj_type = 'TABLE' 
AND ora_dict_obj_owner = 'HR' 
AND ora_login_user = 'HR' 
AND ora_dict_obj_name='EMPLOYEES'
THEN
raise_application_error (-20000, 'YOU CAN NOT DROP EMPLOYEES TABLE!');
END IF;
END;

CREATE OR REPLACE TRIGGER trigger_prevent_drop BEFORE DROP ON DATABASE

BEGIN

IF ora_dict_obj_type = 'TABLE'

AND ora_dict_obj_owner = 'HR'

AND ora_login_user = 'HR'

AND ora_dict_obj_name='EMPLOYEES'

THEN

raise_application_error (-20000, 'YOU CAN NOT DROP EMPLOYEES TABLE!');

END IF;

END;

When HR user tries to drop employees table, he’ll see an ORA-20000 error.

For more information and samples about DDL triggers: http://psoug.org/reference/ddl_trigger.html

How to Prevent a User to Drop Own Objects

Leave a Reply Cancel reply

About Me

Blogroll

Archives

Follow Me