Re: How to Limit OEM12c user access
From: Dba DBA <oracledbaquestions_at_gmail.com>
Date: Thu, 9 Aug 2012 16:45:02 -0400
Message-ID: <CAE-dsO+0Ld-Lr2chOjq7KgyWyK982gnisJp=fRbtMLPYdP-QGA_at_mail.gmail.com>
The kinds of requirements are all too common from managers and security people. I have a requirement that first name, last name, and email address cannot be in the same table because that is PII data. We also have a requirement that these 3 fields need to be unique. Don't bother asking me why. I don't have access to security people. I have had these discussions with security people before at other companies and it generally comes down to a generic 'best practice' or some other nonsensical 2 word answers basically summed up to 'because I said so'. Security guys will not be challenged because if something happens and something gets stolen, there is finger pointing and you don't want to be in the line of fire for the blame game even if what you challenged has nothing to do with what got stolen. So there is a lot of 'add rules so I can't be blamed'. I was on a government project and the government brought in some security auditors from Ernst and Young. There were a bunch of 23-24 year olds right out of college billed at $200+/hour that were just reading off a checklist. You might want to open a ticket with Oracle; there may be some backdoor way to restrict access.
-- http://www.freelists.org/webpage/oracle-l
Received on Thu Aug 09 2012 - 15:45:02 CDT