Re: DBAs, roles and privs
On 05/17/2004 09:40 AM, Daniel Morgan said:
> Pete Finnigan wrote:
>
>> I am sorry I have to
>> disagree with Daniel, just dropping privileges until something breaks is
>> not a good plan. I have seen this done before and it results in chaos.

You can use Oracle's auditing features to get some level of assurance before revoking a privilege. Dba_audit_trail shows you what privilege was used to do some action. So if you are thinking of revoking the DROP ANY TABLE privilege, AUDIT DROP ANY TABLE for a while, and check the audit trail to see if that privilege was actually used for anything.
Still, I think it's best to work with the vendor, and do what they recommend. And if that doesn't match your security policies, write it up as an exception, and get both the data owner and your management to sign off on it.
--
Joe
http://www.joekaz.net/
http://www.cafeshops.com/joekaz

Received on Mon May 17 2004 - 17:32:02 CDT
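
The audit-before-revoke check described in the post above, written out as an added example (not part of the original post). It assumes traditional auditing with the AUDIT_TRAIL initialization parameter set to DB; the 30-day window is a constructed value.

```sql
-- Assumption: traditional (non-unified) auditing, AUDIT_TRAIL = DB,
-- so audit records are visible in DBA_AUDIT_TRAIL.

-- 1. Who holds the privilege today (users and roles)?
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'DROP ANY TABLE'
 ORDER BY grantee;

-- 2. Record every statement that relies on the privilege.
AUDIT DROP ANY TABLE BY ACCESS;

-- 3. Confirm the audit option is active.
SELECT user_name, privilege, success, failure
  FROM dba_priv_audit_opts
 WHERE privilege = 'DROP ANY TABLE';

-- 4. After the observation window (constructed value: 30 days; make it
--    long enough to cover month-end and other periodic jobs), list who
--    actually exercised the privilege and against which objects.
SELECT username, os_username, userhost, owner, obj_name,
       COUNT(*)       AS uses,
       MAX(timestamp) AS last_used
  FROM dba_audit_trail
 WHERE priv_used  = 'DROP ANY TABLE'
   AND returncode = 0
   AND timestamp >= SYSDATE - 30
 GROUP BY username, os_username, userhost, owner, obj_name
 ORDER BY last_used DESC;

-- 5. Directly granted users with no recorded use are revoke candidates.
--    Role grantees never appear as USERNAME in the trail; expand them
--    through DBA_ROLE_PRIVS before drawing the same conclusion.
SELECT p.grantee
  FROM dba_sys_privs p
  JOIN dba_users u ON u.username = p.grantee
 WHERE p.privilege = 'DROP ANY TABLE'
   AND NOT EXISTS (SELECT 1
                     FROM dba_audit_trail a
                    WHERE a.priv_used = 'DROP ANY TABLE'
                      AND a.username  = p.grantee);

-- 6. Stop auditing once the decision is made.
NOAUDIT DROP ANY TABLE;
```

A user dropping a table in their own schema does not need DROP ANY TABLE, so those drops leave no record under this audit option; an empty result in step 4 only says the privilege itself went unused during the window.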