Geoff Worboys wrote:

>>>>> What account do the trigger run under?
>>>>>
> ...
>
>> I agree; that really doesn't make sense.
>> So, the question remains: What account should the trigger
>> run under?
>>
>
> Surely the first question is; Who can create these triggers?
>
>
> Presumably only SYSDBA/owner should be able to create
> connect/disconnect triggers.
>
> At this stage it seems to me that the same rule should apply
> to transaction triggers (and also on metadata create/drop if
> we have them too).
>
> So, following on from that, we should then be able to use
> GRANT/REVOKE in exactly the same method as already used with
> existing triggers to allow/deny access to other resources
> outside the current users access level.
>
> (For the sort of purposes being proposed here (logging etc)
> it seems to me critical that the triggers should be able to
> perform functions not available to the current user account.)
>
>
> That all seems to make sense to me, and be a simple solution.
> BUT can anyone here see a problem with it?
>

Totally agreed.


Adriano