Re: Simple Security Questions
Date: Wed, 15 Oct 2008 06:58:48 -0700 (PDT)
On Oct 14, 6:04 pm, Palooka <nob..._at_nowhere.com> wrote:
> Can I safely lock the following accounts (10.2.0.4)?
> None of these ever log in, according to DBA_AUDIT_TRAIL. I have session
> auditing on.
This is an interesting question. Most shops advocate not using SYSTEM on a regular basis, but I also have never heard a suggestion to lock it, either. I would defer to being conservative and not locking it, though. My guess is Oracle wouldn't even support it, but that is exactly that...a guess.
OUTLN I think is already locked by default. For MGMT_VIEW I have no clue. It doesn't look like it is locked by default, though. The following may be of interest...
> Also, should I create a new role, with various system privileges, to
> replace the "burned in" DBA role, and grant that to myself rather than DBA?
I think the new role is a good idea. We did this some time ago by reverse engineering the existing DBA role and extracting from it what we actually used.
> For information, we are using the database, OEM and RMAN. No RAC, no
> Oracle Applications, no ASM, no DataGuard.
> Jobs are scheduled with the newer database scheduler, not DBMS_JOB. Is
> it therefore OK to set JOB_QUEUE_PROCESSES to zero?
JOB_QUEUE_PROCESSES is still used for materialized views updates and I think streams queues. Received on Wed Oct 15 2008 - 08:58:48 CDT