allowing a user to kill his own connections

#1

I would like to allow developers to kill their own sessions, e.g.

alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? If not, what's the
best way to handle this?

TIA!
Mark

--
Mark Harrison
Pixar Animation Studios

#2

mh (AT) pixar (DOT) com wrote in news:NsKTj.1754$ah4.1745 (AT) flpi148 (DOT) ffdc.sbc.com:

Quote:

I would like to allow developers to kill their own sessions, e.g.

alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? If not, what's the
best way to handle this?

You can write a procedure owned by SYS which can issue the ALTER SYSTEM;
using owner's rights not invoker's rights.

#3

mh (AT) pixar (DOT) com wrote in news:NsKTj.1754$ah4.1745 (AT) flpi148 (DOT) ffdc.sbc.com:

Quote:

I would like to allow developers to kill their own sessions, e.g.

alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? If not, what's the
best way to handle this?

You can write a procedure owned by SYS which can issue the ALTER SYSTEM;
using owner's rights not invoker's rights.

#4

mh (AT) pixar (DOT) com wrote in news:NsKTj.1754$ah4.1745 (AT) flpi148 (DOT) ffdc.sbc.com:

Quote:

I would like to allow developers to kill their own sessions, e.g.

alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? If not, what's the
best way to handle this?

You can write a procedure owned by SYS which can issue the ALTER SYSTEM;
using owner's rights not invoker's rights.

#5

mh (AT) pixar (DOT) com wrote in news:NsKTj.1754$ah4.1745 (AT) flpi148 (DOT) ffdc.sbc.com:

Quote:

I would like to allow developers to kill their own sessions, e.g.

alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? If not, what's the
best way to handle this?

You can write a procedure owned by SYS which can issue the ALTER SYSTEM;
using owner's rights not invoker's rights.

#6

On May 5, 3:53*pm, m... (AT) pixar (DOT) com wrote:

Quote:

I would like to allow developers to kill their own sessions, e.g.

* * alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? *If not, what's the
best way to handle this?

TIA!
Mark

--
Mark Harrison
Pixar Animation Studios

I agree with the stored procedure route, as that's the only way you
could restrict the action to sessions associated with the invoking
user.

David Fitzjarrell

#7

On May 5, 3:53*pm, m... (AT) pixar (DOT) com wrote:

Quote:

I would like to allow developers to kill their own sessions, e.g.

* * alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? *If not, what's the
best way to handle this?

TIA!
Mark

--
Mark Harrison
Pixar Animation Studios

I agree with the stored procedure route, as that's the only way you
could restrict the action to sessions associated with the invoking
user.

David Fitzjarrell

#8

On May 5, 3:53*pm, m... (AT) pixar (DOT) com wrote:

Quote:

I would like to allow developers to kill their own sessions, e.g.

* * alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? *If not, what's the
best way to handle this?

TIA!
Mark

--
Mark Harrison
Pixar Animation Studios

I agree with the stored procedure route, as that's the only way you
could restrict the action to sessions associated with the invoking
user.

David Fitzjarrell

#9

On May 5, 3:53*pm, m... (AT) pixar (DOT) com wrote:

Quote:

I would like to allow developers to kill their own sessions, e.g.

* * alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? *If not, what's the
best way to handle this?

TIA!
Mark

--
Mark Harrison
Pixar Animation Studios

I agree with the stored procedure route, as that's the only way you
could restrict the action to sessions associated with the invoking
user.

David Fitzjarrell

#10

On May 5, 11:00*pm, "Ana C. Dent" <anaced... (AT) hotmail (DOT) com> wrote:

Quote:

m... (AT) pixar (DOT) com wrote innews:NsKTj.1754$ah4.1745 (AT) flpi148 (DOT) ffdc.sbc.com:

I would like to allow developers to kill their own sessions, e.g.

* * alter system kill session '$sid,$serial#'

but only for sessions which are theirs.

Is there a grant which can handle this? *If not, what's the
best way to handle this?

You can write a procedure owned by SYS which can issue the ALTER SYSTEM;
using owner's rights not invoker's rights.

I also agree with the stored procedure route; however, the owner does
not need to be SYS and probably should not be SYS. I created a DBA
privileged account to own special purpose routines like this. Using a
non-SYS owner makes keeping track of the special purpose routines,
database event triggers, and like easier.

IMHO -- Mark D Powell --