I would like to know how to use "oracle triggers" to clone a user or copy all the roles and rights from one user to other.
The procedure should contain two parameter. One source user and other target user.
I wouldn't use a trigger for that. A trigger is a stored program unit that gets executed when one of the following operations occur:
DML statement on a table or view
DDL statement by a particular user
Database event
The list doesn't contain an event that triggers the cloning of a user. Besides, triggers don't have parameters like old or new users.
This overview explains nicely what triggers can do.
Related
I am creating a simple application where I am using a Servlet and JDBC to create users.
Is there any way I can use a trigger to insert the username into another table when the Oracle user is created with:
create user xyz ......
Once this query executes successfully, it inserts the user information in the DBA_USERS table.
I want the username to also be inserted into another table. Should I add it to that other table manually through JDBC, or can I create a trigger to do it automatically?
You could use a system trigger based on the create user DDL (but not a DML trigger on the dba_users view - you can't do that anyway, but don't even think about trying to do anything based on the data dictionary). But you wouldn't really have any way for that to know if the user being created is actually an application user - you'd be assuming any user added to the DB could only be related to your application.
Since you have to take other steps anyway - such as granting roles and/or privileges, maybe adding other application security data, etc., it probably makes more sense to do the table insert manually.
It may even make more sense to put all the user-creation code into a stored (and probably packaged) procedure, and just call that over JDBC; the downside of that is that the create user and any other DDL would need to be executed from within the procedure as dynamic SQL. Any of your own table inserts would be together though, and you'd only have that single JDBC call to make.
You can also have other procedures to modify and delete users.
Something to bear in mind, however you do it, is that DDL implicitly commits. Not necessarily a problem, just something to be aware of, so you can order the steps in a recoverable way.
Like in procedures and Functions can we pass parameters to triggers? Can A trigger can be explicitly called?
An object based trigger is raised by an event's occurence(as update,insert,select)on a specific object of the database. There is also system triggers, fired by system specific events(as shutdown,startup database, user connection etc..).
This is the main purpose of a trigger in databases, you can't raise it explicitly, if you want it to run the only way is to raise the event. Also passing parameters isn't part of trigger definition, but you can handle the event attributes,(which can be passed to the trigger body that may can contain functions or procedures).
I hope that i've responded to your question, can i know what is your need for trying to do that.?
What you can do is to create a table that will store temporarily the data that you want to access in your trigger.
1-Create a table "tmp_data" for instance.
2-Before running the event that will fire the trigger (stored procedure, insert, update...) insert into tmp_data the data that you want to use in the trigger.
3-In the trigger, to access the data you needed, you make a query on the table tmp_data.
4-After have been done with the data, you clean the table tmp_data for the next use.
Hope has been helpful!
I have a situation in our Oracle environment where I would like to be able to grant select permissions to a certain user/group on all views in a particular schema.
I realize that I could write a dynamic statement to iterate over all the views in the schema and grant permissions to them individually as shown here but I would like to be able to have this apply to all views that exist in the schema now or in the future.
I was also contemplating the possibility of writing a DDL trigger that could monitor for the creation of new views but setting permissions in a trigger isn't something I've seen done before and doesn't seem like accepted practice.
Basically, is there a VIEW analog to the GRANT EXECUTE ANY PROCEDURE?
The EXECUTE ANY PROCEDURE grant allows a user to execute any procedure in any schema in the database, not just those in a particular schema. You can grant a user the SELECT ANY TABLE privilege-- that will allow the user to query any table or view in any schema in the database not just those in a particular schema. That's the analogous privilege, it just seems unlikely that either is really what you're after.
Since views should not be created dynamically, this sort of requirement would normally be handled by simply including the appropriate GRANT statements in the scripts that create the new views which get promoted up through the environments. Dynamically granting privileges is generally frowned upon because it generally implies that you have issues with your change control process that need to be addressed.
I have, for third party applications that insist on creating new objects periodically, created a DDL trigger that grants privileges on new objects. In order to do that, you would need to submit a job that actually does the GRANT. A GRANT is a DDL statement so it issues an implicit commit and implicit commits aren't allowed in triggers, you have to have a separate job that runs moments after the object is created. This means that you end up with a number of moving pieces that generally makes your environment more complex.
I created the Employee table which contains EmpNo,EName,EDesignation as its fields.Also i created the 3 Triggers namely Trigger_1,Trigger_2 and Trigger_3.All the Triggers are Statement level triggers and fired after the update done in the table.Now i want the following orders in which the triggers are going to fired when the update statement is executed.
The Order is
Trigger_3,
Trigger_1,
Trigger_2
Can anyone tell me the way to fire the trigger events in userdefined way?I m using Oracle 9i
Trigger Evaluation Order
Quote from Oracle documentation:
Although any trigger can run a
sequence of operations either in-line
or by calling procedures, using
multiple triggers of the same type
enhances database administration by
permitting the modular installation of
applications that have triggers on the
same tables.
Oracle Database executes all triggers
of the same type before executing
triggers of a different type. If you
have multiple triggers of the same
type on a single table, then Oracle
Database chooses an arbitrary order to
execute these triggers.
Each subsequent trigger sees the
changes made by the previously fired
triggers. Each trigger can see the old
and new values. The old values are the
original values, and the new values
are the current values, as set by the
most recently fired UPDATE or INSERT
trigger.
To ensure that multiple triggered
actions occur in a specific order, you
must consolidate these actions into a
single trigger (for example, by having
the trigger call a series of
procedures).
see also http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14251/adfns_triggers.htm
Have one trigger with the contents of the three.
If you cannot, for reasons for modularization, reusability..., create three stored procedures and call these one by one in the single trigger.
Upgrade to 11g and you can define trigger execution order
I'm using (have to) a badly designed Oracle(10) DB, for which I don't have admin rights (although I can create tables, triggers, etc in my scheme).
Now I had run into a problem: this DB connected with several users/programs. I must find out who updates a certain row, when, and if possible: with what kind of statement. Is it possible?
Thanks in advance!
It would be easier to do this if you had admin rights to enable auditing. Without the power of auditing you are left with the use of triggers to handle the logging of inserts/updates/delete. In your case since you are interested in only update, you can put a trigger on the table to fire after the update which logs to another table what was changed, by whom, from where and to what and on what day.
I would create a journal table for the table you are working with. It will show you the operation type and the oracle user...as well as a bunch of other data if you need it.