Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: how to revoke access to sys.aud$ in 10G
"camnewyork" <cmercer_at_vibrant-1.com> wrote in message
news:1119469785.343936.42030_at_g49g2000cwa.googlegroups.com...
> forgive me if this is a stupid question, I have been away from Oracle
> for a while. I have some people in my company who have turned on
> auditing in 10G and they noticed that everyone in the database can
> query sys.aud$. They want this priv removed since the users can seen
> queries this way. I started poking around and found the following:
>
> I can create a new user, grant only "create session" to the user, login
> as the user and successfully select * from sys.aud$. When I check the
> session privs doing select * from session_privs I see:
>
> PRIVILEGE
> ----------------------------------------
> CREATE SESSION
> SELECT ANY DICTIONARY
>
> I am suspecting that "select any dictionary" is giving access to
> sys.aud$. I can't prove this though. I tried revoking it as sys/sysdba
> and can not. It says:
>
> ERROR at line 1:
> ORA-01952: system privileges not granted to 'CARL'
>
> I noticed that select any dictionary was granted to public so... I
> tried revoking it from public.... bad idea. Package standard went bad
> along with a few others and I could not log back in as "carl". In order
> to get the database working again I needed to regrant select any
> dictionary and compile standard.
>
> So.... what is giving a new user access to sys.aud$? If more info is
> needed let me know.
>
>
> Carl
>
From 10g documentation:
Do the rest of the research yourself.
-- Andreas Oracle 9i Certified Professional Oracle 10g Certified Professional Oracle 9i Certified PL/SQL Developer "If you don't eat your meat, you cannot have any pudding. "How can you have any pudding if you don't eat your meat?!?!" --- WARNING: DO NOT REPLY TO THIS EMAIL Reply to me only on this newsgroupReceived on Wed Jun 22 2005 - 15:20:16 CDT