Return-Path: Received: from air189.startdedicated.com (root@localhost) by orafaq.com (8.11.6/8.11.6) with ESMTP id hBK0HfI11820 for ; Fri, 19 Dec 2003 18:17:41 -0600 X-ClientAddr: 66.27.56.210 Received: from ns3.fatcity.com (rrcs-west-66-27-56-210.biz.rr.com [66.27.56.210]) by air189.startdedicated.com (8.11.6/8.11.6) with ESMTP id hBK0Heo11815 for ; Fri, 19 Dec 2003 18:17:40 -0600 Received: from ns3.fatcity.com (localhost.localdomain [127.0.0.1]) by ns3.fatcity.com (8.12.8/8.12.8) with ESMTP id hBK0A1pD012555 for ; Fri, 19 Dec 2003 16:12:31 -0800 Received: (from root@localhost) by ns3.fatcity.com (8.12.8/8.12.5/Submit) id hBJNolma012268 for oracle-l@orafaq.com; Fri, 19 Dec 2003 15:50:50 -0800 Received: by fatcity.com (05-Jun-2003/v1.0g-b73/bab) via fatcity.com id 005DA74A; Fri, 19 Dec 2003 15:54:25 -0800 Message-ID: Date: Fri, 19 Dec 2003 15:54:25 -0800 To: Multiple recipients of list ORACLE-L X-Comment: Oracle RDBMS Community Forum X-Sender: "Jamadagni, Rajendra" Sender: ml-errors@fatcity.com Reply-To: ORACLE-L@fatcity.com Errors-To: ML-ERRORS@fatcity.com From: "Jamadagni, Rajendra" Subject: RE: OEM permissions Organization: Fat City Network Services, San Diego, California X-ListServer: v1.0g, build 73; ListGuru (c) 1996-2003 Bruce A. Bergman Precedence: bulk Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit That's why we have scripts which give us a report every few days on users that have db_links, any of the *_ANY_* privs (like alter any table), dba privs etc, also a list of some sensitive schemas too. Our application support needed to work with users to grant/revoke roles and private synonyms. So, I wrote a package owned by "system" and completely controlled. Every action gets logged, even errors do get logged. If it finds unusual input, it goes to trace file. We are happy, app support is happy. That's the way we like it. Raj -----Original Message----- Sent: Friday, December 19, 2003 1:49 PM To: Multiple recipients of list ORACLE-L Maybe I'm a being a bit touchy here; but it seems that my comments about having access to dba_users went completely unnoticed. Let's put it this way: There is NO WAY you can prevent somebody from setting up their own private oracle instance. It they have access to dba_users in your database, they can create the SAME users with the SAME passwords in their private database. And they can create database links in their private database. Now, is this a problem? -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jamadagni, Rajendra INET: Rajendra.Jamadagni@espn.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).