Re: limiting access

From: Martin Berger <martin.a.berger_at_gmail.com>
Date: Sat, 30 May 2015 22:24:51 +0200
Message-ID: <CALH8A916L5R02G4svXDy-LSzca2=55XbHKW5C=bO+A1kG6cZ3Q_at_mail.gmail.com>

Oracle Clusterware has a powerful system of permissions (similar to unix permissions on an user/group/app RWX matrix) for resources - that might help.

Martin

2015-05-30 0:12 GMT+02:00 Stefan Knecht <knecht.stefan_at_gmail.com>:

> To add to what Jared has already said, perhaps even use a set of scripts
> to enable very specific functionality via sudo, instead of granting access
> to all functions of e.g. srvctl, crsctl, etc...
> On May 29, 2015 9:53 PM, "Jared Still" <jkstill_at_gmail.com> wrote:
>
>>
>> On Fri, May 29, 2015 at 7:38 AM, Chris King <ckaj111_at_yahoo.ca> wrote:
>>
>>> What would you recommend as an overall method of granting the least
>>> possible privileges on the linux side? For instance, to restart dbconsole
>>> will require login as oracle, which I'd rather avoid giving away, but not
>>> sure that's possible.
>>>
>>
>> If the number of commands they need to run as oracle is limited, don't
>> give them the oracle login, setup sudo instead.
>>
>>

--
http://www.freelists.org/webpage/oracle-l

Received on Sat May 30 2015 - 22:24:51 CEST

This message: [ Message body ]
Previous message: Stefan Knecht: "Re: limiting access"
In reply to: Stefan Knecht: "Re: limiting access"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message