Re: Oracle Enterprise Manager 12c - SYSDBA privs profile

Thanks for your response. I will get the exact requirement and sorry for the insufficient info and glad to see your advice on this.

Thanks,
Shankar

On Tue, Jan 12, 2016 at 12:54 PM, Seth Miller <sethmiller.sm_at_gmail.com> wrote:

> Shankar,
>
> I think the first point that needs to be cleared up is that you don't need
> access to the OS to connect as SYSDBA, therefore there would be no reason
> to connect to the OS at all.
>
> The second point is that any user with membership to the OSDBA group can
> connect as SYSDBA so sudo access is not necessary in any case.
>
> Finally, there is no query that requires SYSDBA. Permission to query any
> object in the database can be given granularly. All queries can be audited.
>
> Your apprehension to grant OS or SYSDBA access is well founded. Nothing
> you have described here requires either.
>
> You will probably have to find out what exactly it is your customer wants
> to do and then find an existing role or create one that allows them to do
> just that and grant it to that user. Auditing can then be set up for that
> role or user specifically.
>
>
> Seth Miller
>
> On Tue, Jan 12, 2016 at 11:59 AM, Apps DBA <dbaorapps_at_gmail.com> wrote:
>
>> Hi Gurus,
>>
>> I have a requirement from my customer DBAs to create a DBA profile or
>> access to production environment where in they wants to have access to
>> check database health and run queries for tuning or any level of SYSDBA
>> access but there is a limitation as per contract to not to have PROD sudo
>> level OS access. Is there anyway to accomplish this through OEM profile
>> creation for set of users or individuals who are DBA's? What are the audit
>> risks involved just am afraid it is a production instance? Please advise
>> and share your ideas.
>>
>> Thanks,
>> Shankar
>>
>
>

--
http://www.freelists.org/webpage/oracle-l