Re: Where is this Privilege coming from?
Date: Mon, 4 Nov 2019 18:36:00 +0000 (UTC)
Message-ID: <521597940.1375395.1572892560438_at_mail.yahoo.com>
Hi Stefan,
Yes - VPD is in use. We see EXEMPT ACCESS POLICY in the audit trail when any of the tables with a policy on it is accessed by this user. So that makes sense. But I just can't figure out how it is getting the privilege in the first place.
Thanks,Charlotte
On Monday, November 4, 2019, 06:12:28 PM GMT, Stefan Knecht <knecht.stefan_at_gmail.com> wrote:
Are you using VPD in that database?
On Tue, Nov 5, 2019 at 12:36 AM Charlotte Hammond <dmarc-noreply_at_freelists.org> wrote:
Hello All,
In my database audit trail I can see lots of entries for use of the privilege "EXEMPT ACCESS POLICY" (PRIV_USED) for a particular database user (a shared account used by the front end application - sessions are created/destroyed dynamically through the day). The RETURNCODE is 0 for these entries.
However this database user does not have this privilege granted to them either directly or through a role (and the 1 role they have does not have any system privileges). Also, if I log in directly as this database user using sqlplus I do not have this privilege. I presume the application is doing something special when it creates the session but I cannot think what!
So where is this privilege coming from to appear in the audit trail? Any suggestions on how to track this down much appreciated!
Thanks,Charlotte
-- //zztat - The Next-Gen Oracle Performance Monitoring and Reaction Framework!Visit us at zztat.net | _at_zztat_oracle | fb.me/zztat | zztat.net/blog/ -- http://www.freelists.org/webpage/oracle-lReceived on Mon Nov 04 2019 - 19:36:00 CET