Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: DBAs, roles and privs

Re: DBAs, roles and privs

From: Marc Blum <blum_at_marcblum.de>
Date: Sun, 16 May 2004 22:27:36 +0200
Message-ID: <kdjfa0l9k81bsqat9ab6ldt2bkrcla0o5i@4ax.com> 





On Sun, 16 May 2004 12:59:40 -0700, Daniel Morgan <damorgan_at_x.washington.edu>
wrote:



>Then, each and every week revoke the privileges you think most unlikely

>to be required and/or most dangerous. When someone complains about

>something you'll know the privilege was required and since you will know

>which one's you revoked you can provide a two-second fix. Eventually you

>will have a role that truly reflects the privs required.

>

>Other things I would do:

>1. Write a DDL trigger that makes it impossible to DROP, ALTER, or

>TRUNCATE any object. Code for this can be found at:




You're kiddin, aren't you?



On a production system?



Revoking some privilege and looking  what happens? On a mission-critical system?



I really don't give a damn if you're working for Boeing or Amazon, this advice
is not serious!
 


--
Marc Blum
mailto:blumNOSPAM_at_marcblum.de
http://www.marcblum.de


Received on Sun May 16 2004 - 15:27:36 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US