Showing posts from January, 2016

Logon triggers

I've wanted to do this for a long time, but now a migration project to both a new data centre and a new version of Oracle means I have the opportunity to do it and, hopefully, do it right.

The current database design is not perfect. There is one application user which is used by apps, users, support and development teams. At the moment, there is no way to separate traffic, prevent connections from people to the wrong place or from unexpected places, or to do resource limiting. I can't do any sensible auditing.

This changes as of the migration to 12c. I have defined 7 different services, which will all have different sets of expected users. After logon triggers will be set up so that all connections to the controlled services have the connection source IP and database username checked. If either isn't appropriate for the service, the connection attempt is logged and the connection terminated.

CREATE OR REPLACE TRIGGER SYSTEM.check_service_appropriate AFTER LOGON ON D
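One way to build the check described above, as an added example that is not the post's own trigger: the schema `sec_admin`, both tables, the trigger name and the error number are hypothetical, and a service counts as controlled once it has at least one policy row.

```sql
-- Added example. Schema SEC_ADMIN and both tables are hypothetical names.
CREATE TABLE sec_admin.service_policy (
  service_name VARCHAR2(256) NOT NULL,
  db_username  VARCHAR2(128) NOT NULL,
  ip_pattern   VARCHAR2(64)  NOT NULL   -- LIKE pattern, e.g. '10.20.30.%'
);

CREATE TABLE sec_admin.logon_rejections (
  logged_at    TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  service_name VARCHAR2(256),
  db_username  VARCHAR2(128),
  client_ip    VARCHAR2(64),
  os_user      VARCHAR2(256),
  client_host  VARCHAR2(256)
);

CREATE OR REPLACE TRIGGER sec_admin.enforce_service_policy
AFTER LOGON ON DATABASE
DECLARE
  v_service VARCHAR2(256) := SYS_CONTEXT('USERENV', 'SERVICE_NAME');
  v_user    VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_ip      VARCHAR2(64)  := SYS_CONTEXT('USERENV', 'IP_ADDRESS'); -- NULL for local (non-TCP) logons
  v_rules   PLS_INTEGER;
  v_matches PLS_INTEGER;

  -- Autonomous so the log row survives the rollback caused by the error below.
  PROCEDURE log_rejection IS
    PRAGMA AUTONOMOUS_TRANSACTION;
  BEGIN
    INSERT INTO sec_admin.logon_rejections
      (service_name, db_username, client_ip, os_user, client_host)
    VALUES
      (v_service, v_user, v_ip,
       SYS_CONTEXT('USERENV', 'OS_USER'), SYS_CONTEXT('USERENV', 'HOST'));
    COMMIT;
  END log_rejection;
BEGIN
  -- Count the rules for this service and how many of them this session satisfies.
  SELECT COUNT(*),
         COUNT(CASE WHEN db_username = v_user AND v_ip LIKE ip_pattern THEN 1 END)
    INTO v_rules, v_matches
    FROM sec_admin.service_policy
   WHERE UPPER(service_name) = UPPER(v_service);

  IF v_rules > 0 AND v_matches = 0 THEN
    log_rejection;
    -- Generic message: do not tell the client which check failed.
    RAISE_APPLICATION_ERROR(-20001, 'Connection not permitted on this service');
  END IF;
END;
/
```

An exception raised in a logon trigger does not block accounts holding the ADMINISTER DATABASE TRIGGER privilege, so DBA-level logons need separate controls and auditing. End each `ip_pattern` on an octet boundary (`'10.20.30.%'`, not `'10.20.3%'`) so the LIKE match cannot widen to neighbouring subnets.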