RE: Stop using SYS, SYSTEM?

At some point, when you first create your database, you're going to have the passwords to sys and system... you created them. After that point, you create a DBA account for DBA1, DBA2... DBAn. Then you change the passwords for sys and system to something obscure. But keep them somewhere because there will be isolated adventures where you need to log into SYS to do something wacky. The same people who demand that auditing be turned on will probably also demand that the obscure passwords change on a regular basis, btw. They're so unreasonable.

HTH,
Bambi.

-----Original Message-----
Sent: Friday, November 14, 2003 7:39 AM
To: Multiple recipients of list ORACLE-L

I thought SYS and SYSTEM were NOT 'PUBLIC' accounts. It all depends on how many people you let login as SYS or SYSTEM, and that decision will be different for each individual DBA.

But my question is: How can you give a portion of SYS/SYSTEM functionality to Jane DBA and Joe DBA if you DO NOT have SYS and SYSTEM to begin with?

Julio Cesar Quijada-Reina
Programmer Analyst
Computer Services at Alfred State College

-----Original Message-----
Cupp Michael E Contr Det 1 AFRL/WSI
Sent: Friday, November 14, 2003 8:09 AM
To: Multiple recipients of list ORACLE-L

-----Original Message-----
Sent: Thursday, November 13, 2003 10:49 PM To: Multiple recipients of list ORACLE-L

<SNIP>
>Stopping someone from using a given set of accounts achieves preciously

>nothing in terms of security (or auditing) IF the functionality of
those >accounts
>is then replicated to other accounts.

<SNIP>

Not if someone (I.e. an 'operator') is only using a portion of the access (COMPLETE) that is given to sys and/or system.

>Fact is a DBA needs to be able to exp/imp (debatable, but let's ignore
>that).
>And manage rights. And manage space. And manage allocations,
>And monitor the system. And a myriad of other tasks immaterial to the
>point I'm trying to make.

But a user account for Joe DBA and another user account for Jane DBA, etc, etc will provide accountability and tracability, vs a 'public' account does not.

Just my $0.02

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Cupp Michael E Contr Det 1 AFRL/WSI
  INET: Michael.Cupp_at_wpafb.af.mil

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: QuijadaReina, Julio C
  INET: QuijadJC_at_alfredstate.edu

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Bellow, Bambi
  INET: bbellow_at_chi.navtech.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).