| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: OK to revoke privileges from SYS or DBA?
DA Morgan wrote:
> > egrep -i 'grant ' *.* | egrep -i ' (connect|resource)( |,)'
> > a0801070.sql: execute immediate 'GRANT DEBUG CONNECT SESSION TO
JAVADEBUGPRIV';
> > c0703040.sql: 'grant connect, resource, execute any
procedure to outln',
> > c0800050.sql: 'grant connect, resource, execute any
procedure to outln',
> > catqm.sql:grant resource to xdb;
> > catsnmp.sql:grant connect to OEM_MONITOR;
> > catsnmp.sql:grant resource to OEM_MONITOR;
> > catsnmp.sql:grant CONNECT, SELECT ANY DICTIONARY to DBSNMP;
> > catxdbr.sql:Rem nagarwal 11/05/01 - grant DML privileges to
resource view
> > csminst.sql:grant connect, resource, dba to csmig
> > dbmslsby.sql:Rem jnesheiw 07/23/02 - grant connect, resource
to logstdby_administrator
> > dbmslsby.sql:GRANT CONNECT, RESOURCE TO logstdby_administrator;
> > jvmsec5.sql:GRANT DEBUG CONNECT SESSION TO JAVADEBUGPRIV;
> > migrate.bsq:grant connect, resource, dba to migrate identified by
migrate;
> > owmctab.plb:grant connect, resource, create public synonym, drop
public synonym, create role to wmsys;
> > owmu901.plb:grant connect, resource, create public synonym, drop
public synonym to wmsys;
> > prvtbiau.plb:1 GRANT CONNECT THROUGH :
> > sql.bsq:grant connect to outln
> > sql.bsq:grant resource to outln
> > utlsampl.sql:GRANT CONNECT,RESOURCE,UNLIMITED TABLESPACE TO SCOTT
IDENTIFIED BY TIGER;
> >
> >
> > Anurag
>
> Because they are security holes. Perhaps it is just me but I read
> scripts before I run them and edit them where appropriate.
I pointed out that the CTXSYS scripts use the roles you mention. Anurag points out
sql.bsq
uowmu901.plb a0801070.sql c0703040.sql c0800050.sql
migrate.bsq owmctab.plb owmu901.plb
I just can't see that it is defensible to edit these scripts in the way you describe. You'd have to edit sql.bsq to do it correctly and ensure all subsequent scripts got changed appropriately (including as Anurag points out the users that depend upon wrapped scripts). It clearly would leave you with an unsupported system, even if you were lucky enough to get away with setting your new roles up with the appropriate privs. In a security conscious environment it makes no sense to have a system that you can't support, possibly can't patch or upgrade.
> I absolutely fail to see why anyone would grant CONNECT knowing it
> is giving each and every end user the ability to create a database
> link. It may not be a problem where many of you work ... but in a
> security conscious environment ... it just makes no sense: At least
> to me.
That is an entirely different, and reasonable argument, of course good
practice is not to grant connect but a user defined role with
appropriate rights. Good practice is not to grant elevated os
privileges to people, it doesn't mean that the privileges get removed
from the os - it means they get used appropriately. Exactly the same
applies here. The 'existence' of powerful privileges is not a security
hole, the inappropriate grant and use of them is.
Niall Litchfield
Oracle DBA
http://www.niall.litchfield.dial.pipex.com
Received on Tue Dec 07 2004 - 05:02:24 CST
 |
 |