Re: OK to revoke privileges from SYS or DBA?

In article <41b75d93$0$17055$afc38c87_at_news.optusnet.com.au>, "Howard J. Rogers" <hjr_at_dizwell.com> wrote:

>I am not sure what advice or what link you're talking about. But you
>imply that I am underhandedly linking to out-of-date information in
>order to do down Daniel. That is not so. Daniel is STILL advocating the
>dropping of two roles which he shouldn't be. That is very much current
>information. Dropping those roles and re-creating them, or something
>very like them, under new names is NOT recommended by Oracle; is NOT
>actually going to increase security; MAY break your database; MAY
>compromise your support contract.

Trying to be a better DBA, I actually tried dropping those roles on a test database (used by developers, not production). And it didn't take long for me to realize the mistake... the next time I patched the database with a new version, in fact. ;-) Needless to say, I leave those roles alone now. I don't grant them to just anyone, willy nilly (never did, actually), but they're there to stay. Received on Thu Dec 09 2004 - 07:26:04 CST