Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: OEM permissions

RE: OEM permissions

From: Jamadagni, Rajendra <Rajendra.Jamadagni_at_espn.com>
Date: Fri, 19 Dec 2003 15:54:25 -0800
Message-ID: <F001.005DA74A.20031219155425@fatcity.com>


That's why we have scripts which give us a report every few days on users that have db_links, any of the *_ANY_* privs (like alter any table), dba privs etc, also a list of some sensitive schemas too.

Our application support needed to work with users to grant/revoke roles and private synonyms. So, I wrote a package owned by "system" and completely controlled. Every action gets logged, even errors do get logged. If it finds unusual input, it goes to trace file. We are happy, app support is happy. That's the way we like it.

Raj

-----Original Message-----
Sent: Friday, December 19, 2003 1:49 PM
To: Multiple recipients of list ORACLE-L

Maybe I'm a being a bit touchy here; but it seems that my comments about having access to dba_users went completely unnoticed. Let's put it this way: There is NO WAY you can prevent somebody from setting up their own private oracle instance. It they have access to dba_users in your database, they can create the SAME users with the SAME passwords in their private database. And they can create database links in their private database.

Now, is this a problem?
--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Jamadagni, Rajendra
  INET: Rajendra.Jamadagni_at_espn.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Fri Dec 19 2003 - 17:54:25 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US