Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle Security Tool

Re: Oracle Security Tool

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Wed, 21 Jul 2004 22:44:29 +0100
Message-ID: <Yp16gdA9Ou$ABxrC@peterfinnigan.demon.co.uk> 





In article <OF0DC352ED.0E879B05-ON86256ED7.007812C1-86256ED7.00792D40_at_ip
c.us.aexp.com>, Tracy Rahmlow <tracy.rahmlow_at_aexp.com> writes


>Currently, our IS support staff have full access to the production 

>database.  To minimize risk and to satisfy audit concerns, we need to 

>address the issue.  Preferably as automated as possible.  Does a tool 

>exist, whereby a support staff member could request update access on table 

>abc for x hours and then have the request forwarded for approval and then 

>implemented?  The access would then be automatically revoked after the 

>timeout period. Auditing would be invoked, blah, blah, blah....  Any 

>thoughts??



Hi Tracy,



There is a commercial product from OR Solutions called "Trusted Orange"
that works on an authorisation server, all access to the database is in
effect submitted to the authorisation server first and some member of
the authorisation team approves it. If its approved the users SQL is
sent to the database for execution. Its quite an interesting idea for a
product. I don't know if DDL can be controlled, i suspect it can. I have
looked at the documentation for this product about 1 year ago but not
seen it in real life. I don't remember the URL off hand but there is a
link on my tools page http://www.petefinnigan.com/tools.htm - it may be
of interest.



Of course a home grown solution to your issue could be created as well.



kind regards



Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Received on Wed Jul 21 2004 - 16:43:26 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US