Creating a user is DDL. DDL involves two implicit commits, one before the statement is run and once after the statement is run. Triggers (unless declared to use autonomous transactions which would not be appropriate here) cannot commit or rollback a transaction. So you can't issue DDL from a trigger. You wouldn't want to if you could-- what if the transaction that inserted a row in LOGIN_NAMES
was rolled back, for example, or what if Oracle had to execute the trigger multiple times for write consistency.
You could use the dbms_job
package to submit a job that would run once the triggering transaction committed that would use dynamic SQL (EXECUTE IMMEDIATE
most likely) to create the user and run the GRANT
. I'm hard-pressed to imagine that you'd want that to happen on UPDATE
rather than just on INSERT
otherwise you'd be trying (and failing) to create a user every time someone updated some attribute in your table. It would be a very unusual design to want to configure things this way-- if you want to maintain your own table to store information about users, that would normally mean that you want to create application users rather than Oracle users. If you want to create Oracle users, it generally wouldn't make sense to create your own table to store that information, just take it from dba_users
.