Re: Restricting VPD from SYS

From: Senthil Subramanian <skumar.sen_at_gmail.com>
Date: Fri, 31 Aug 2012 18:32:29 -0400
Message-Id: <0153FD00-4333-4C25-8310-04B0B26988B4_at_gmail.com>

Consider using data vault

+Senthil

Sent from my iPad

On Aug 30, 2012, at 3:18 PM, Tim Gorman <tim_at_evdbt.com> wrote:

> Deepak,
>
> Short answer: No.
>
> Your problem is not with VPD, but with whoever is connecting to the
> database as SYS. Nobody should be logging into SYS (or connecting "AS
> SYSDBA") except to perform installation, upgrade, patching, etc.
>
> I strongly suggest immediately changing the passwords for all SYSDBA
> database accounts as well as the OS account owning the Oracle
> installation, and lock them out. Then, create non-SYSDBA and non-DBA
> accounts for them to use instead.
>
> Good luck!
>
> -Tim
>
> On 8/30/2012 12:50 PM, Deepak Sharma wrote:

>> Hi,
>> We have VPD enforced on a schema for few tables, but when logged-in as SYS, we can view those table's data.
>> 
>> Is there a way (workaround) to restrict SYS from viewing the VPD-related tables?
>> 
>> Already tried "REVOKE EXEMPT ACCESS POLICY FROM SYS;"
>> 
>> Thanks,
>> Deepak
>> 
>> --
>> http://www.freelists.org/webpage/oracle-l

> --
> http://www.freelists.org/webpage/oracle-l
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Aug 31 2012 - 17:32:29 CDT

This message: [ Message body ]
Next message: Peter Sharman: "RE: EM12c false alarms for blocking locks"
Previous message: goran bogdanovic: "Re: Multi-instances cluster and ASM max lun numbers"
In reply to: Tim Gorman: "Re: Restricting VPD from SYS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message