Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Refuse DBA access to a schema?

RE: Refuse DBA access to a schema?

From: Kimberly Smith <kimberly.smith_at_gmd.fujitsu.com>
Date: Sat, 24 Jun 2000 15:35:16 -0700
Message-Id: <10538.110368@fatcity.com>


When you say Secure Oracle do you mean trusted Oracle? Is so that will not eliminate the problem. With Trusted Oracle all it really adds (in a simple form) is row level security. And seeing as system and sys have the writeup and readup privs there is not really any stopping them from looking at the data. I am sure you could revoke those from system as its just a role but I am not sure I would from sys. The joy and pain of running Trusted Oracle is enough to put in you in the mad house anyway. Like I have mentioned in the past its not really the database but the OS can be pure hell (at least HP CMW). Now if there is a different product out there
actually called Secure Oracle then I should go do some research as I never heard of it. Lost in my own little world...

-----Original Message-----

From: root_at_fatcity.com [mailto:root_at_fatcity.com]On Behalf Of dgoulet_at_vicr.com
Sent: Friday, June 23, 2000 3:29 PM
To: Multiple recipients of list ORACLE-L Subject: Re:Refuse DBA access to a schema?

I believe you need to get your hands on Secure Oracle, which I do not believe is
available for export. Now, if you do that, your customer will need at lease one
additional admin just to maintain the security. Otherwise he's stuck and may
have to look at bringing the DB back in house. So much for ASP's!!!

____________________Reply Separator____________________
Author: Sherwin Anthony Sequeira <sherwin_at_sequeira.ezesurf.co.uk>
Date:       6/23/00 11:30 AM

Hi guys and gals,

        I have a good one here.

        The customer has a DB that is run and maintained in the States, i.e. All DB Admin is done over there.

        The DB has a schema, which has highly sensitive material.

        What the customer wants, is to lock out SYS and SYSTEM, and any other
DBA accounts from the application schema.

        Off the top of my head, I can think of no way of doing this.

        Any ideas?

        Regards.

Tony
--

S. A. Sequeira

--

Author: Sherwin Anthony Sequeira
  INET: sherwin_at_sequeira.ezesurf.co.uk

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists

--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
--

Author:
  INET: dgoulet_at_vicr.com
Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists

--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may Received on Sat Jun 24 2000 - 17:35:16 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US