Re: Restricting VPD from SYS
Date: Thu, 30 Aug 2012 13:18:37 -0600
Short answer: No.
Your problem is not with VPD, but with whoever is connecting to the database as SYS. Nobody should be logging into SYS (or connecting "AS SYSDBA") except to perform installation, upgrade, patching, etc.
I strongly suggest immediately changing the passwords for all SYSDBA database accounts as well as the OS account owning the Oracle installation, and lock them out. Then, create non-SYSDBA and non-DBA accounts for them to use instead.
On 8/30/2012 12:50 PM, Deepak Sharma wrote:
> We have VPD enforced on a schema for few tables, but when logged-in as SYS, we can view those table's data.
> Is there a way (workaround) to restrict SYS from viewing the VPD-related tables?
> Already tried "REVOKE EXEMPT ACCESS POLICY FROM SYS;"