Re: Drop User System - Is it possible?

Henk Hultink wrote:

> Hi,
>
> We have a few users who have DBA-privilege to a database (Oracle 7.3.4). Is
> it possible for anyone with this privilege to accidentally (or
> intentionally) drop the user SYSTEM? If so, what measures can be taken
> (apart from revoking the DBA-privilege of course) to prevent this?
>
> --
> H. Hultink
> Software Engineer
> Stoas, Division IOAL
> Wageningen, The Netherlands
> "Activating Knowledge"
> http://www.stoas.nl
>
> e-mail: hhu_at_stopspam.stoas.nl

First and foremost go into your database and DROP the default roles CONNECT, RESOURCE and DBA provided by Oracle. They are dangerous and are there for example purposes ... you are not supposed to just assign them.

And I wouldn't worry so much about someone dropping SYSTEM. I'd worry about them dropping objects, roles, grants, SYS, tablespaces, etc.

After you have dropped those roles create new roles that encompass the privileges your users acually need. Then assign those. Otherwise you will likely experience your worst fears up close and personal.

Daniel A. Morgan Received on Wed Jun 20 2001 - 13:24:53 CDT