Re: DBA privilege for Security Team

marcel.fleury_at_bluewin.ch (Fleury Marcel) wrote in message news:<f18358b2.0210082236.730c9c54_at_posting.google.com>...
> mngong_at_yahoo.com (michael ngong) wrote in message news:<ecf365d5.0210070334.6188fe22_at_posting.google.com>...
> > mngong_at_yahoo.com (michael ngong) wrote in message news:<ecf365d5.0210030801.4b7c8601_at_posting.google.com>...
> > > marcel.fleury_at_bluewin.ch (Fleury Marcel) wrote in message news:<f18358b2.0209300827.7ae20c5a@posting.google.com>...
> > > > Hello,
> > > > Could you advice me if it reasonable to grant DBA privilege to the
> > > > persons of the security team ?
> > > > If not what kind of privileges do we can grant to these persons
> > > >
> > > > Thank you
> > > >
> > > > Marcel
> > >
> > > If I know what you expect these guys to monitor I will be of some help
> > If whoever is going to make the security checks needs just to be able
> > to view and query database stuff select from tables then the user
> > should be granted create session(to be able to get into the database)
> > and select any table(to be able to find whatever needs to be verified)
> > only
> > > Michael Tubuo Ngong
>
> Thank you very much Michael.
>
> What do you mind about the following situation :
> Until now one of the tasks our DBA's is to create Database accounts.
> From a security point of view is it recommanded that this task have to
> be take in charge by a member of the Security Team (as it is already
> do with OS accounts)
>
> Marcel Fleury
From most situations the users in such cases normally have the same set of rights.(I mean the users that your security guy will have to create).If you know what rights these users will have then you may need to give the rights to the security man with an admin option if you need to be very stingy) If the person does not know what to do and you are expected to guide her you can write a simple script to do that.
HTH
Michael Tubuo Ngong Received on Thu Oct 10 2002 - 19:48:08 CEST