Re: Default user permissions
Date: Thu, 10 Nov 2011 08:37:44 +0000
On 09/11/11 18:28, Joel.Patterson_at_crowley.com wrote:
> The other great third party vendor recommendations is to grant DBA, (or actually both at same time, thus giving the DBA an immediate 'ah oh, somebody doesn't know oracle moment'. Third parties want their product to seem easy to install, maintain and use, and appear to work out of the box: -- security and safety not a concern for them, selling the product is the goal. 'God' rights work pretty good for that, and last long enough to settle it.
Tell me about it! I have supported applications that required DBA, CONNECT and RESOURCE - and yes, I have that "hmmm" moment when I read that.
I usually send a "bug" report back to the vendor asking them to specify *exactly* what is needed and not what they used in their development.
So far, I'be had one solitary vendor do the work and figure it all out. The rest state that if we don't assign those exact privs, they won't support the application. Which makes me thing, probably correctly, that they *really* don't have a clue about Oracle - especially when you point out the overlaps - they still insist on all three.
That's when we get the security teams involved - nasty! ;-)
-- Norman Dunbar Dunbar IT Consultants Ltd Registered address: Thorpe House 61 Richardshaw Lane Pudsey West Yorkshire United Kingdom LS28 7EL Company Number: 05132767 -- http://www.freelists.org/webpage/oracle-lReceived on Thu Nov 10 2011 - 02:37:44 CST