| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Password for sys, system account - Uncooperative client
Ron,
I read the article and see where it says not to grant it, but I do not see anything about it "subverting" anything. Rather it seems to be a concern that this may be more privilege than is needed and so violates the "least privilege principle". I wouldn't want to generally grant this or any "ANY" privilege, but I still do not see a specific risk to granting admins/consultant admins this level of view privilege. Are you able to use this to 1) see actual company data and not just the dictionary views or 2) update anything? If not, what is the specific concern? What am I missing?
Thanks!
-----Original Message-----
From: "Reidy, Ron" <Ron.Reidy_at_arraybiopharma.com>
Sent: Jun 9, 2005 10:59 AM
To: asahoshi_at_infionline.net, oracle-l_at_freelists.org
Subject: RE: Password for sys, system account - Uncooperative client
Because it subverts a security setting. See http://www.petefinnigan.com/weblog/archives/00000009.htm
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of John P Weatherman
Sent: Thursday, June 09, 2005 8:54 AM
To: oracle-l_at_freelists.org
Subject: RE: Password for sys, system account - Uncooperative client
While I totally agree that sys and system don't need to be given to anyone other than the primary DBA and then sealed in an envelope hidden away in a safe, I am not so clear on why granting select any dictionary is as big a concern. As far as I know, this only allows view access to the data dictionary, which pretty much anyone doing any tuning or monitoring probably needs. Even OEM assumes a non-sys/non-system account with this level of privilege which is used for monitoring. Is there a specific reason not to let people have select any dictionary?
Just curious.
-----Original Message-----
From: "Goulet, Dick" <DGoulet_at_vicr.com>
Sent: Jun 9, 2005 10:35 AM
To: ranko.mosic_at_gmail.com, oracle-l_at_freelists.org
Subject: RE: Password for sys, system account - Uncooperative client
Assuming that you made the request of the client using the same tone as here, I'm not surprised. Why do you need an account with such priviledges? In general NO one outside of the DBA group here has access to SYS or SYSTEM, including internal folks.
Dick Goulet
Senior Oracle DBA
Vicor Corporation
Andover, MA USA=20
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Ranko Mosic
Sent: Thursday, June 09, 2005 10:27 AM
To: oracle-l_at_freelists.org
Subject: Password for sys, system account - Uncooperative client
Hi all,=3D20
I need password for account with select dictionary privileges - client
is=3D
=3D20
not too cooperative.=3D20
Regards, Ranko.
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system.
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jun 09 2005 - 11:41:39 CDT
 |
 |