Re: Restricting VPD from SYS

From: Tim Gorman <tim_at_evdbt.com>
Date: Thu, 30 Aug 2012 13:18:37 -0600
Message-ID: <503FBC8D.7050307_at_evdbt.com>



Deepak,

Short answer: No.

Your problem is not with VPD, but with whoever is connecting to the database as SYS. Nobody should be logging into SYS (or connecting "AS SYSDBA") except to perform installation, upgrade, patching, etc.

I strongly suggest immediately changing the passwords for all SYSDBA database accounts as well as the OS account owning the Oracle installation, and lock them out. Then, create non-SYSDBA and non-DBA accounts for them to use instead.

Good luck!

-Tim

On 8/30/2012 12:50 PM, Deepak Sharma wrote:
> Hi,
> We have VPD enforced on a schema for a few tables, but when logged in as SYS, we can view those tables' data.
>
> Is there a way (workaround) to restrict SYS from viewing the VPD-related tables?
>
> Already tried "REVOKE EXEMPT ACCESS POLICY FROM SYS;"
>
> Thanks,
> Deepak
>
> --
> http://www.freelists.org/webpage/oracle-l

Received on Thu Aug 30 2012 - 14:18:37 CDT
