| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: OEM permissions
That's why we have scripts which give us a report every few days on users that have db_links, any of the *_ANY_* privs (like alter any table), dba privs etc, also a list of some sensitive schemas too.
Our application support needed to work with users to grant/revoke roles and private synonyms. So, I wrote a package owned by "system" and completely controlled. Every action gets logged, even errors do get logged. If it finds unusual input, it goes to trace file. We are happy, app support is happy. That's the way we like it.
Raj
-----Original Message-----
Sent: Friday, December 19, 2003 1:49 PM
To: Multiple recipients of list ORACLE-L
Maybe I'm a being a bit touchy here; but it seems that my comments about having access to dba_users went completely unnoticed. Let's put it this way: There is NO WAY you can prevent somebody from setting up their own private oracle instance. It they have access to dba_users in your database, they can create the SAME users with the SAME passwords in their private database. And they can create database links in their private database.
Now, is this a problem?
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Jamadagni, Rajendra
INET: Rajendra.Jamadagni_at_espn.com
Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services ---------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Fri Dec 19 2003 - 17:54:25 CST
 |
 |