Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: update statement PL/SQL
On Sat, 30 Apr 2005, damorgan_at_x.washington.edu wrote:
> So if complying with federal law requires FGAC and FGA and other
> capabilities built into 9i and 10g so be it. If in the EU you don't
> have laws equivalent to SarbOx you have far less incentive to
> upgrade.
Hey Daniel,
Are the FGAC and FGA able to pass all Sarbanes-Oxley requirements? In this, I mean, I know I can solve any requirement with the Oracle tools, but do Sarbanes-Oxley audits recognize that fact and therefore they audit the implementation, or do they just say, "You have what access to the database? No way hose!!!"
With FGAC and FGA one can legitimately give sqlplus access to end-users and completely still pass audit muster. But the Sarbanes-Oxley doesn't allow "direct" access to the database. Hm..., so I have an app user that owns nothing but synonyms with appropriate access to the application schema and logon triggers transporting those users to the app user. These users can have sqlplus access, correct? Or is Sarbanes-Oxley going to shut that down?
What exactly is "direct" access?
-- Galen deForest BoyerReceived on Sun May 01 2005 - 10:11:02 CDT