RE: Grant execute on DBMS_SYSTEM

From: <Dominic.Brooks_at_barclayscapital.com>
Date: Tue, 3 May 2011 16:05:26 +0100
Message-ID: <853BE8E3785A554D92010F1FB6C0B279B1E0ACDC_at_LDNPCMMGMB11.INTRANET.BARCAPINT.COM>

There are certainly a couple of notes on metalink regarding the need to grant access to dbms_system (and other permissions) in relation to the management of distributed transactions, notably when using certain versions of the jdbc thin driver.

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of GBA-DBA Sent: 03 May 2011 15:53
To: Oracle Discussion List
Subject: Grant execute on DBMS_SYSTEM

Hello list,

I have a Websphere Portal admin facing some issues with the product and in his research of the problem he found a support note from IBM saying that all the default portal schemas (portal_comm, portal_cust, portal_fdbkdb, portal_jcrdb, portal_likeminds, portal_release) stored in an Oracle 11g R2 database need execute permissions on the DBMS_SYSTEM package.

These are internal schemas used by the product and no one should be playing with them but I feel I shouldn't grant this privilege without a proper explanation on why is required, how is being used by the product and potential issues that it nay cause.

Are there any security threats related to this privilege? Has anyone received a request like this from an application development/deployment perspective?

Thanks in advance for your responses.

--

Regards
GBA

This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Barclays. Any views or opinions presented are solely those of the author and do not necessarily represent those of Barclays. This e-mail is subject to terms available at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the foregoing. Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP. This email may relate to or be sent from other members of the Barclays Group.

--

http://www.freelists.org/webpage/oracle-l Received on Tue May 03 2011 - 10:05:26 CDT

This message: [ Message body ]
Next message: Goulet, Richard: "RE: Grant execute on DBMS_SYSTEM"
Previous message: GBA-DBA: "Grant execute on DBMS_SYSTEM"
In reply to: GBA-DBA: "Grant execute on DBMS_SYSTEM"
Next in thread: Goulet, Richard: "RE: Grant execute on DBMS_SYSTEM"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message