>> >> What account do the trigger run under?

...

> I agree; that really doesn't make sense.
> So, the question remains: What account should the trigger
> run under?

Surely the first question is; Who can create these triggers?


Presumably only SYSDBA/owner should be able to create
connect/disconnect triggers.

At this stage it seems to me that the same rule should apply
to transaction triggers (and also on metadata create/drop if
we have them too).

So, following on from that, we should then be able to use
GRANT/REVOKE in exactly the same method as already used with
existing triggers to allow/deny access to other resources
outside the current users access level.

(For the sort of purposes being proposed here (logging etc)
it seems to me critical that the triggers should be able to
perform functions not available to the current user account.)


That all seems to make sense to me, and be a simple solution.
BUT can anyone here see a problem with it?

--
Geoff Worboys
Telesis Computing