Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Stop using SYS, SYSTEM?

Re: Stop using SYS, SYSTEM?

From: Stephane Faroult <sfaroult_at_oriole.com>
Date: Wed, 12 Nov 2003 13:19:33 -0800
Message-ID: <F001.005D673B.20031112131933@fatcity.com>


"Smith, Ron L." wrote:
>
> We are being asked by Auditing to stop using the SYS, and SYSTEM
> accounts. They would like for us to create an Oracle Role with the same
> permissions a SYS and SYSTEM, then grant the role to each of the DBA's.
> Don't ask me why. Nothing is being audited in 99% of the databases.
> They just say it in a paper some where so they said we shouldn't use it.
> This seems like it would cause lots of problems with exports, imports,
> installs, etc... Has anyone had to deal with this type of request? Any
> potential problems with making the change?
>
> Thanks!
> Ron Smith
> --

I agree about SYS, but I don't have any problem with SYSTEM, which for the ownership of PRODUCT_USER_PROFILE and perhaps a couple of other dictionary-related tables, views or package is as equal a DBA as any other (SYS excepted). I like having an externally identified DBA account for running all those cron scripts etc., but on the other hand I am not in favour of unduly multiplying DBAs. This is pushing democracy too far for my taste. The more DBAs you have, the more chances you take of having an easy-to-guess or leaked password.

-- 
Regards,

Stephane Faroult
Oriole Software
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Stephane Faroult
  INET: sfaroult_at_oriole.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed Nov 12 2003 - 15:19:33 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US