Re: Dormant database user accounts

From: Tim Gorman <tim_at_evdbt.com>
Date: Mon, 16 Mar 2015 08:43:46 -0600
Message-ID: <5506EC22.5040207_at_evdbt.com>

<shameless-plug>
...or if the database has been virtualized, you can go ahead and drop because the timeflow within Delphix allows you to restore a virtual copy of the database quickly and cheaply from any point in time within the retention policy.
</shameless-plug>

It's funny how, after you find a good general-purpose tool, you find new unanticipated uses for it.

On 3/16/15 8:09, Hans Forbrich wrote:
> One additional thing you can consider is an export by user immediately
> before removing.
>
> /Hans
>
>
> On 16/03/2015 7:35 AM, Leroy Kemnitz wrote:
>>
>> Thanks for all of the good input on this.
>>
>> To answer some of the questions � Yes, I am auditing user logins. So
>> I am querying the audit views to find the user accounts that were
>> used in the last year and half, then comparing them to the actual
>> list of users setup in the database. Also, these accounts are the
>> human accounts � they don�t own any objects. My application owner
>> logins are separate.
>>
>> So it does sound like 90 days is the avg time to expire a password.
>> The user is then sent an email alerting them to the change. Then
>> after about 6 months of inactivity, the locked accounts are deleted.
>>
>> That completely makes sense to me��.now to convince the security
>> officier.
>>
>> LeRoy
>>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Mar 16 2015 - 15:43:46 CET

This message: [ Message body ]
Next message: MARK BRINSMEAD: "Re: Dormant database user accounts"
Previous message: Tim Gorman: "Re: Dormant database user accounts"
In reply to: Hans Forbrich: "Re: Dormant database user accounts"
Next in thread: Tim Gorman: "Re: Dormant database user accounts"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message