Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: DBAs, roles and privs
On Sun, 16 May 2004 12:59:40 -0700, Daniel Morgan <damorgan_at_x.washington.edu>
wrote:
>Then, each and every week revoke the privileges you think most unlikely
>to be required and/or most dangerous. When someone complains about
>something you'll know the privilege was required and since you will know
>which one's you revoked you can provide a two-second fix. Eventually you
>will have a role that truly reflects the privs required.
>
>Other things I would do:
>1. Write a DDL trigger that makes it impossible to DROP, ALTER, or
>TRUNCATE any object. Code for this can be found at:
You're kiddin, aren't you?
On a production system?
Revoking some privilege and looking what happens? On a mission-critical system?
I really don't give a damn if you're working for Boeing or Amazon, this advice is not serious!
-- Marc Blum mailto:blumNOSPAM_at_marcblum.de http://www.marcblum.deReceived on Sun May 16 2004 - 15:27:36 CDT