Re: System/Manager account

From: Rick Wessman <rwessman_at_us.oracle.com>
Date: 02 Nov 1999 08:38:17 -0500
Message-ID: <uaeox10ae.fsf@us.oracle.com>


My Name <spring13_at_earthlink.net> writes:

> Hi,
>
> I am new to Oracle database, so this might sound a little stupid.
> We have a database and we have created a few "super_users" that have the
> rights to create their own tables and various other things. But I
> would always use the system/manager account to do any administration
> stuff. I have never changed the password for the system account because
> I am afraid that I would forget it. (Stupid, eh?) But of course,
> this is a security concern. Should I create another account exactly the same
> as the system/manager? If so, HOW?
> Can you please advise or let me know what you do with the
> system/manager account once your database is up and running?

IMO, this setup is a BAD idea. From your description, it appears that the few "super_users" are only creating tables and views and little else.

Are these users creating tables and views in the sys schema? If so, they should be moved to their own schemas.

Many users having administrator privileges can only lead to trouble. If someone makes a mistake, it could crash the database or make it unusable.

Some may argue that they "need" DBA privileges in order to do their work. I don't buy it. Just make sure that they have the roles and privileges that they need and they'll be fine.

As to the system account, change the password NOW. If you haven't changed the password for the sys account and the internal account (if on NT), change them too. Leaving the passwords unchanged just invites an attack.

--

                                        Rick
                                        Rick Wessman
                                        Security and Directory Technologies
                                        Server Technologies
                                        Oracle Corporation
                                        rwessman_at_us.oracle.com

       The statements and opinions expressed here are my own and do not
             necessarily represent those of  Oracle Corporation.
Received on Tue Nov 02 1999 - 07:38:17 CST
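
The steps recommended in the reply above (give users only the roles and privileges they need, and change the default passwords), as an added example that is not part of the original post. The account name super_user1, the role name table_builder, the users tablespace, the quota and the password placeholders are assumptions.

```sql
-- Added example, not from the original post. Run as a DBA in SQL*Plus.
-- Assumed names: SUPER_USER1, TABLE_BUILDER, tablespace USERS.

-- 1. See who currently holds the DBA role.
SELECT grantee, admin_option
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;

-- 2. See which system privileges one "super user" was granted directly.
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'SUPER_USER1'
 ORDER BY privilege;

-- 3. Create a role that carries only what these users actually do:
--    log in and create tables and views.
CREATE ROLE table_builder;
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW TO table_builder;

-- 4. Give the user space in their own schema, grant the narrow role,
--    then take away DBA (only if step 1 listed this user).
ALTER USER super_user1
  DEFAULT TABLESPACE users
  QUOTA 100M ON users;
GRANT table_builder TO super_user1;
REVOKE DBA FROM super_user1;

-- 5. Replace the default passwords. The values below are placeholders;
--    store the real ones wherever your site keeps administrative secrets.
ALTER USER system IDENTIFIED BY "<new-system-password>";
ALTER USER sys    IDENTIFIED BY "<new-sys-password>";

-- 6. Re-run the query from step 1 to confirm only intended accounts remain.
SELECT grantee
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;
```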
