Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> OT - SarBox paranoia prevention ?

OT - SarBox paranoia prevention ?

From: Chip Briggs <chip.briggs_at_gmail.com>
Date: Sat, 19 Feb 2005 13:21:03 -0700
Message-ID: <7ec905ad050219122160489067@mail.gmail.com> 





Earlier this week, SarBox auditors wanted proof that DBA's
could not change database stored procedures (which would
prevent DBA's from applying vendor patches for vendor
supplied stored procedures). Also presents a problem since
DBA's managed stored procedure configuration.  SarBox
auditors do not like DBA privileged access to application data.
Looks like these auditors do not trust anyone and want duties
segregated so no single person has the ability to cook any
books (complete prevention for Enron repeat).



Any ideas how to prevent execution of non-production code
against production data, whether the data resides in a
database or operating system files (unix and windows) ?



Have Fun :)

--
http://www.freelists.org/webpage/oracle-l


Received on Sat Feb 19 2005 - 15:23:59 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US