Security Vault gives you the possibility to limit sys privileges. :)
Interesting solution but old as this world. There is another
super-user and it controls data access while sys user is for DBAs to
stop/start/backup/troubleshoot whatever.
Looks like a security system with two keys that should be turned at
the same time to open the lock. :-)
2006/8/8, Rodd Holman <Rodd.Holman_at_gmail.com>:
> I'll agree with you for the most part. However,
> when an auditor comes in and reports a discrepancy in that
> the DBA's have the SYS password as a problem, I
> have to say that's "putting a stamp". How else do
> you create the database if you don't know and give it
> the sys password.
>
> Yes, this was a real life audit example.
> The auditor who was clueless about what a DBA was
> or did, had this checklist of items and just lumped
> DBA's in as users and since we knew how to get
> at the base level of the DB we were considered an
> audit risk. We all volunteered to give up the
> password and go home. Our boss wasn't impressed.
--
Best regards,
Alex Gorbachev
http://blog.oracloid.com
--
http://www.freelists.org/webpage/oracle-l
Received on Tue Aug 08 2006 - 11:14:08 CDT
