"Smith, Ron L." wrote:
>
> We are being asked by Auditing to stop using the SYS, and SYSTEM
> accounts. They would like for us to create an Oracle Role with the same
> permissions a SYS and SYSTEM, then grant the role to each of the DBA's.
> Don't ask me why. Nothing is being audited in 99% of the databases.
> They just say it in a paper some where so they said we shouldn't use it.
> This seems like it would cause lots of problems with exports, imports,
> installs, etc... Has anyone had to deal with this type of request? Any
> potential problems with making the change?
>
> Thanks!
> Ron Smith
> --
I agree about SYS, but I don't have any problem with SYSTEM, which for
the ownership of PRODUCT_USER_PROFILE and perhaps a couple of other
dictionary-related tables, views or package is as equal a DBA as any
other (SYS excepted). I like having an externally identified DBA account
for running all those cron scripts etc., but on the other hand I am not
in favour of unduly multiplying DBAs. This is pushing democracy too far
for my taste. The more DBAs you have, the more chances you take of
having an easy-to-guess or leaked password.
--
Regards,
Stephane Faroult
Oriole Software
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Stephane Faroult
INET: sfaroult_at_oriole.com
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Wed Nov 12 2003 - 15:19:33 CST
