Re: Dormant database user accounts
Date: Fri, 13 Mar 2015 15:09:15 -0600
Message-ID: <550351FB.9020309_at_gmail.com>
Mostly concur. For me, first step is to revoke CREATE SESSION (and revoke CONNECT role). That turns it into a pure schema owner. Then, if it owns no schema objects, and it stays idle for a month and no one has screamed about broken jobs, it's probably truly stale.
/Hans
On 13/03/2015 1:22 PM, Powell, Mark wrote:
>
> If you are going to notify the user I think you should send the email
> X days prior to deleting the account.
>
> *From:*oracle-l-bounce_at_freelists.org
> [mailto:oracle-l-bounce_at_freelists.org] *On Behalf Of *Andrew Kerber
> *Sent:* Friday, March 13, 2015 11:06 AM
> *To:* lkemnitz_at_uwsa.edu
> *Cc:* oracle-l_at_freelists.org
> *Subject:* Re: Dormant database user accounts
>
> You need to be a little cautions about this. We have accounts that
> own objects that we never log in to. But the objects are critical.
>
> On Thu, Mar 12, 2015 at 3:05 PM, Leroy Kemnitz <lkemnitz_at_uwsa.edu
> <mailto:lkemnitz_at_uwsa.edu>> wrote:
>
> All –
>
> We are currently having a discussion in house about user accounts in
> the databases that are considered ‘dormant’ or unused. I want to set
> a limit of one year. If after one year, the account has not been used
> at all, then I want to delete the account and send an email to the
> last known email address informing the customer. How do other places
> handle this situation? Do you lock the accounts and then notify
> customers – then delete if no response in 2 weeks? What time limits
> are other people using? I see some people are doing 90 days of not
> logging in flags an account as ‘dormant’.
>
> LeRoy
>
>
>
>
> --
>
> Andrew W. Kerber
>
> 'If at first you dont succeed, dont take up skydiving.'
>
-- http://www.freelists.org/webpage/oracle-lReceived on Fri Mar 13 2015 - 22:09:15 CET