Do you make use of proxy users ?
Do you have any users with this privilege ?
Regards
Jonathan Lewis
From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> on behalf of Charlotte Hammond <dmarc-noreply_at_freelists.org>
Sent: 04 November 2019 18:36
To: dmarc-noreply_at_freelists.org; Stefan Knecht
Cc: Oracle-L Freelists
Subject: Re: Where is this Privilege coming from?
Hi Stefan,
Yes - VPD is in use. We see EXEMPT ACCESS POLICY in the audit trail when any of the tables with a policy on it is accessed by this user. So that makes sense. But I just can't figure out how it is getting the privilege in the first place.
Thanks,
Charlotte
On Monday, November 4, 2019, 06:12:28 PM GMT, Stefan Knecht <knecht.stefan_at_gmail.com> wrote:
Are you using VPD in that database?
On Tue, Nov 5, 2019 at 12:36 AM Charlotte Hammond <dmarc-noreply_at_freelists.org<mailto:dmarc-noreply_at_freelists.org>> wrote:
Hello All,
In my database audit trail I can see lots of entries for use of the privilege "EXEMPT ACCESS POLICY" (PRIV_USED) for a particular database user (a shared account used by the front end application - sessions are created/destroyed dynamically through the day). The RETURNCODE is 0 for these entries.
However this database user does not have this privilege granted to them either directly or through a role (and the 1 role they have does not have any system privileges). Also, if I log in directly as this database user using sqlplus I do not have this privilege. I presume the application is doing something special when it creates the session but I cannot think what!
So where is this privilege coming from to appear in the audit trail? Any suggestions on how to track this down much appreciated!
Thanks,
Charlotte
