Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: OK to revoke privileges from SYS or DBA?

Re: OK to revoke privileges from SYS or DBA?

From: Dave <x_at_x.com>
Date: Sun, 05 Dec 2004 21:05:08 GMT
Message-ID: <8KKsd.30773$up1.14525@text.news.blueyonder.co.uk> 






"DA Morgan" <damorgan_at_x.washington.edu> wrote in message 
news:1102272986.366416_at_yasure...


> Tom wrote:

>

>> I'm working on a project to secure a database for the government, and

>> one of the recommendations from an analysis tool is to remove some

>> privileges from SYS or DBA, namely privileges granted with the ADMIN

>> option.

>>

>> Is it safe to change any of the privileges associated with the SYS

>> user or DBA role?  Is this supported by Oracle?

>>

>> Thanks,

>>

>> Tom

>

> I'd drop the DBA role completely as that is what Oracle advises. It

> exists, like CONNECT and RESOURCE solely for demonstration purposes

> just as does SCOTT/TIGER.

>

> Dropping privs from SYS, if it is possible, is preposterous on its

> face as anyone logged on as SYS could always grant them again at will.

> If you want fool-proof security this is not the way to achieve it.

> You can contact me off-line if you wish and are a U.S. person.

> -- 

> Daniel A. Morgan

> University of Washington

> damorgan_at_x.washington.edu

> (replace 'x' with 'u' to respond)




can you provide a link as to where oracle advise dropping the dba role 
Received on Sun Dec 05 2004 - 15:05:08 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US