Re: Restricting internal access to users.

jiju wrote:

> I am using Oracle 8.1.7 on Windows 2000 server. Also, I am not using
> OS authentication. But I guess like Quarkman said, I shouldn't grant
> connect and resource roles to a user. May be I should create another
> role with specific privileges and grant that role??
>
> thanks all of you guys for responding.
>
> Daniel Morgan <damorgan_at_exxesolutions.com> wrote in message news:<3F383250.5B6738C8_at_exxesolutions.com>...
> > jiju wrote:
> >
> > > hello,
> > >
> > > How do I restrict internal account access to database users? I created
> > > a user called user1 and granted him connect and resource privileges.
> > > Now after I connect as user1, I tried 'connect internal' and I get
> > > connected to the database as 'SYS' which is dangerous. How can I
> > > restrict this such that when user1 tries to 'connect internal' it will
> > > prompt for the password. Please help.
> > >
> > > Thanks in advance.
> > >
> > > jiju
> >
> > Log on as SYS and perform the following:
> >
> > DROP ROLE connect;
> > DROP ROLE resource;
> > DROP ROLE dba;
> >
> > That is what Oracle recommends.
> >
> > Now create specific roles that relate to what people actually do and
> > assign those to your users.

Exactly!

--
Daniel Morgan
http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)