RE: Privileges by session
Date: Thu, 7 Jan 2010 15:59:58 -0600
Message-ID: <CB340D772D072D47A5DE07533432A7E50E2E7A42_at_exch1.soc.int>
That's the conundrum. They know the application passwords, there's no way around it. I need to lock them down to a read only session when they log on from sqlplus, SQL Developer, Toad, etc.
WGB
-----Original Message-----
From: Michael Fontana [mailto:michael.fontana_at_enkitec.com]
Sent: Thursday, January 07, 2010 3:58 PM
To: Blanchard, William
Cc: oracle-l_at_freelists.org; Jared Still
Subject: Re: Privileges by session
But you said management told you they were to no longer have such privileges. IOW - They don't need them.
Game over.
Or are we missing something?
- Original Message ----- From: "William Blanchard" <wblanchard_at_societyinsurance.com> To: "Jared Still" <jkstill_at_gmail.com> Cc: oracle-l_at_freelists.org Sent: Thursday, January 7, 2010 3:49:35 PM GMT -06:00 US/Canada Central Subject: RE: Privileges by session
The application developers need the passwords for their applications. We have some old applications so there's no good way around this.
WGB
From: Jared Still [mailto:jkstill_at_gmail.com]
Sent: Thursday, January 07, 2010 3:48 PM
To: Blanchard, William
Cc: oracle-l_at_freelists.org
Subject: Re: Privileges by session
On Thu, Jan 7, 2010 at 12:21 PM, Blanchard, William < wblanchard_at_societyinsurance.com > wrote:
Greetings,
I have convinced management to allow me to grant read-only access to the developers. The problem is that they know the application passwords and have been using those passwords to circumvent my controls. Is there a way via a Is there some reason the obvious solution wont' work?
That is, change the passwords.
It would seem the applications in question are not subject to
SarbanesOxley,
HIPAA, PCI or any number of other legislated security policies.
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Oracle Blog: http://jkstill.blogspot.com
Home Page: http://jaredstill.com
--
Michael Fontana
Sr. Technical Consultant
Enkitec M: 214.912.3709
enkitec
oracle_certified_partner
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jan 07 2010 - 15:59:58 CST