Re: impersonating another user???

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Sat, 02 Aug 2003 11:39:23 -0800
Message-ID: <F001.005C87A2.20030802113923@fatcity.com>

Hi

I have not tried proxy accounts other than working through the examples in Tom Kytes book and building the sample OCI proxy code. It sounds a little strange business practice though. I would personally rather see the "user" impersonating a manager be granted the privileges directly to his/her account and then those privileges be removed when the "impersonation" finishes, that way the "user" generates their own audit trail and is accountable for their actions. Letting the user have the managers password and changing that later is another option but that would leave any audit trail showing that the original manager did it.

The proxy functionality will work for you though and also includes new proxy entries in the audit trail to show that the underling has been doing manager things!.

Get hold of Tom Ktyes book or have a look at his asktom site for well examples samples of how this works.

hth

kind regards

Pete
--

Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Pete Finnigan
  INET: oracle_list_at_peterfinnigan.demon.co.uk

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Sat Aug 02 2003 - 14:39:23 CDT