Re: 8.1.7/HP-UX 11/PRODUCT_USER_PROFILE

The behavior you describe is normal for PRODUCT_USER_PROFILE. Once you understand how it works, it all becomes clear ;-)

This is my understanding of it, hopefully someone will correct me if I'm wrong...

When a user connects to the database via ORACLE's SQL+, the *application* checks the PRODUCT_USER_PROFILE table to see what SQL commands it should allow. It places no constraints on the users commands in the datbase itself, so 'forbidden' commands can still be executed via PL/SQL, or by connecting with another application (eg SQL Worksheet) that does not check PRODUCT_USER_PROFILE.

PRODUCT_USER_PROFILE is useful only where users can't get round it by installing their own client software, and don't know enough PL/SQL to be dangerous. Even then, you should think about backing it up with audit trails, just in case.

Hope this helps.

Simon Anderson

> I have entries in the PRODUCT_USER_PROFILE to inhibit a user from
> executing the DROP command. However, if I embed a DROP command
> inside a PL/SQL procedure, and execute it with Dynamic SQL, the
> DROP is executed.
>
> Is this normal?

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: 
  INET: Simon.Anderson_at_scisys.co.uk

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).