Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> how to revoke access to sys.aud$ in 10G

how to revoke access to sys.aud$ in 10G

From: camnewyork <cmercer_at_vibrant-1.com>
Date: 22 Jun 2005 12:49:45 -0700
Message-ID: <1119469785.343936.42030@g49g2000cwa.googlegroups.com>


forgive me if this is a stupid question, I have been away from Oracle for a while. I have some people in my company who have turned on auditing in 10G and they noticed that everyone in the database can query sys.aud$. They want this priv removed since the users can seen queries this way. I started poking around and found the following:

I can create a new user, grant only "create session" to the user, login as the user and successfully select * from sys.aud$. When I check the session privs doing select * from session_privs I see:

PRIVILEGE



CREATE SESSION
SELECT ANY DICTIONARY I am suspecting that "select any dictionary" is giving access to sys.aud$. I can't prove this though. I tried revoking it as sys/sysdba and can not. It says:

ERROR at line 1:
ORA-01952: system privileges not granted to 'CARL'

I noticed that select any dictionary was granted to public so... I tried revoking it from public.... bad idea. Package standard went bad along with a few others and I could not log back in as "carl". In order to get the database working again I needed to regrant select any dictionary and compile standard.

So.... what is giving a new user access to sys.aud$? If more info is needed let me know.

Carl Received on Wed Jun 22 2005 - 14:49:45 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US