Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle Auditing Recommendations
It was a risk, senior management read it as a problem.
I'm sure that's not a surprise to anyone. We had to
go through some detailed explanations with the C-level
execs about what we did as DBA's and why we needed
the password (actually our boss got that fun task). :)
We're a group of 5 DBA's and access as SYS or
oracle (at the unix level) is recorded. We don't
get root that's reserved for SA's. That was another
dance our boss had to do also. SA's having
root access to the servers was another item on
the report. :)
Yes, knowing the password is a risk.
Having access to the server room is a risk.
Crossing the street is a risk. Our job is not
risk avoidance, but risk management. Assessing the
level of risk vs. the cost of mitigating work arounds.
Niall Litchfield wrote:
> my reaction depends on at least 3 things. was it a problem or risk? > its certainly a risk. how many people know the password?is use of the > privilege recorded? > > On 8/8/06, Rodd Holman <Rodd.Holman_at_gmail.com> wrote:
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Aug 08 2006 - 12:01:51 CDT