Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: how to revoke access to sys.aud$ in 10G
"camnewyork" <cmercer_at_vibrant-1.com> wrote in message
news:1119529074.991686.178590_at_z14g2000cwz.googlegroups.com...
>I tried that and the database started producing errors. I could not
> login and anyone but "/ as sysdba". Multiple packages and triggers went
> invalid. In order to get the database back up and running I needed to
> "grant select any dictionary" back to public then recompile.
>
> SQL> revoke SELECT ANY DICTIONARY from public;
>
> Revoke succeeded.
>
> SQL> conn carl/carl
> ERROR:
> ORA-06553: PLS-213: package STANDARD not accessible
>
>
> Error accessing package DBMS_APPLICATION_INFO
>
> SQL> conn / as sysdba
>
> SQL> grant select any dictionary to public;
>
> Grant succeeded.
>
> SQL> conn carl/carl
> ERROR:
> ORA-06553: PLS-213: package STANDARD not accessible
>
>
> Error accessing package DBMS_APPLICATION_INFO
>
> SQL> drop user carl;
> drop user carl
> *
> ERROR at line 1:
> ORA-00604: error occurred at recursive SQL level 1
> ORA-06553: PLS-213: package STANDARD not accessible
>
>
> SQL> alter package standard compile;
>
> Package altered.
>
> SQL> conn carl/carl
> Connected.
>
> So far I have had to recompile standard (which took 3 minutes so it
> must have cascaded compiles) and xdb.xdb_pi_trig. The latter was
> causing an error when a drop was issued. It sure looks like "select any
> dictionary" is tied into the 10G stucture. If this does not sound
> right, let me know. I did not think that select any database would be a
> required system privilage which is why I revoked it. I am still fixing
> the database because of it.
>
>
> Thanks for the reply.
>
> Carl
>
And again, what is the value of 07_DICTIONARY_ACCESSIBILITY?
show parameter 07_DICTIONARY_ACCESSIBILITY
I'm assuming it's true because PUBLIC was granted select any dictionary.
..... From documentation .....
The Oracle parameter 07_DICTIONARY_ACCESSIBILITY is set to FALSE by
default, to limit sensitive data dictionary access only to those authorized.
..........
-- Andreas Oracle 9i Certified Professional Oracle 10g Certified Professional Oracle 9i Certified PL/SQL Developer "If you don't eat your meat, you cannot have any pudding. "How can you have any pudding if you don't eat your meat?!?!" --- WARNING: DO NOT REPLY TO THIS EMAIL Reply to me only on this newsgroupReceived on Thu Jun 23 2005 - 13:47:24 CDT