RE: Privileges by session

From: Blanchard, William <wblanchard_at_societyinsurance.com>
Date: Thu, 7 Jan 2010 15:59:58 -0600
Message-ID: <CB340D772D072D47A5DE07533432A7E50E2E7A42_at_exch1.soc.int>

That's the conundrum. They know the application passwords, there's no way around it. I need to lock them down to a read only session when they log on from sqlplus, SQL Developer, Toad, etc.

WGB
-----Original Message-----

From: Michael Fontana [mailto:michael.fontana_at_enkitec.com] Sent: Thursday, January 07, 2010 3:58 PM To: Blanchard, William
Cc: oracle-l_at_freelists.org; Jared Still Subject: Re: Privileges by session

But you said management told you they were to no longer have such privileges. IOW - They don't need them.

Game over.

Or are we missing something?

Original Message ----- From: "William Blanchard" <wblanchard_at_societyinsurance.com> To: "Jared Still" <jkstill_at_gmail.com> Cc: oracle-l_at_freelists.org Sent: Thursday, January 7, 2010 3:49:35 PM GMT -06:00 US/Canada Central Subject: RE: Privileges by session

The application developers need the passwords for their applications. We have some old applications so there's no good way around this.

WGB From: Jared Still [mailto:jkstill_at_gmail.com] Sent: Thursday, January 07, 2010 3:48 PM To: Blanchard, William
Cc: oracle-l_at_freelists.org
Subject: Re: Privileges by session

On Thu, Jan 7, 2010 at 12:21 PM, Blanchard, William < wblanchard_at_societyinsurance.com > wrote:

Greetings,

I have convinced management to allow me to grant read-only access to the developers. The problem is that they know the application passwords and have been using those passwords to circumvent my controls. Is there a way via a Is there some reason the obvious solution wont' work?

That is, change the passwords.

It would seem the applications in question are not subject to SarbanesOxley,
HIPAA, PCI or any number of other legislated security policies. Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist Oracle Blog: http://jkstill.blogspot.com Home Page: http://jaredstill.com

Michael Fontana

Sr. Technical Consultant

Enkitec M: 214.912.3709

enkitec

oracle_certified_partner

--

http://www.freelists.org/webpage/oracle-l Received on Thu Jan 07 2010 - 15:59:58 CST

This message: [ Message body ]
Next message: Jared Still: "Re: Replacement of US7ASCII character set in 11g?"
Previous message: Michael Fontana: "Re: Privileges by session"
In reply to: Michael Fontana: "Re: Privileges by session"
Next in thread: Jared Still: "Re: Privileges by session"
Reply: Jared Still: "Re: Privileges by session"
Reply: GovindanK: "RE: Privileges by session"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message