Re: Drop User System - Is it possible?

Unfortunately, anyone with drop user privilege can drop the SYSTEM user. This happened at our shop recently. An "application administrator" who is responsible for maintaining users was cleaning up old accounts. He didn't think that system account was important. Doh! I had to add SYSTEM back, rerun catalog, catproc, etc. Export thte data, rebuild the database from scratch, and re-import the data. Not fun.

TJ

On Wed, 20 Jun 2001 11:24:53 -0700, "Daniel A. Morgan" <Daniel.Morgan_at_attws.com> wrote:

>Henk Hultink wrote:
>
>> Hi,
>>
>> We have a few users who have DBA-privilege to a database (Oracle 7.3.4). Is
>> it possible for anyone with this privilege to accidentally (or
>> intentionally) drop the user SYSTEM? If so, what measures can be taken
>> (apart from revoking the DBA-privilege of course) to prevent this?
>>
>> --
>> H. Hultink
>> Software Engineer
>> Stoas, Division IOAL
>> Wageningen, The Netherlands
>> "Activating Knowledge"
>> http://www.stoas.nl
>>
>> e-mail: hhu_at_stopspam.stoas.nl
>
>First and foremost go into your database and DROP the default roles CONNECT,
>RESOURCE and DBA provided by Oracle. They are dangerous and are there for
>example purposes ... you are not supposed to just assign them.
>
>And I wouldn't worry so much about someone dropping SYSTEM. I'd worry about
>them dropping objects, roles, grants, SYS, tablespaces, etc.
>
>After you have dropped those roles create new roles that encompass the
>privileges your users acually need. Then assign those. Otherwise you will
>likely experience your worst fears up close and personal.
>
>Daniel A. Morgan
Received on Mon Jun 25 2001 - 21:49:27 CDT