The behavior you describe is normal for PRODUCT_USER_PROFILE.
Once you understand how it works, it all becomes clear ;-)
This is my understanding of it, hopefully someone will correct me if I'm
wrong...
When a user connects to the database via ORACLE's SQL+, the *application* checks
the PRODUCT_USER_PROFILE table to see what SQL commands it should allow. It
places no constraints on the users commands in the datbase itself, so
'forbidden' commands can still be executed via PL/SQL, or by connecting with
another application (eg SQL Worksheet) that does not check PRODUCT_USER_PROFILE.
PRODUCT_USER_PROFILE is useful only where users can't get round it by installing
their own client software, and don't know enough PL/SQL to be dangerous. Even
then, you should think about backing it up with audit trails, just in case.
Hope this helps.
Simon Anderson
> I have entries in the PRODUCT_USER_PROFILE to inhibit a user from
> executing the DROP command. However, if I embed a DROP command
> inside a PL/SQL procedure, and execute it with Dynamic SQL, the
> DROP is executed.
>
> Is this normal?
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
