Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Re: OK to revoke privileges from SYS or DBA?
Tom wrote:
> I'm working on a project to secure a database for the government, and
> one of the recommendations from an analysis tool is to remove some
> privileges from SYS or DBA, namely privileges granted with the ADMIN
> option.
>
> Is it safe to change any of the privileges associated with the SYS
> user or DBA role? Is this supported by Oracle?
>
> Thanks,
>
> Tom
I'd drop the DBA role completely as that is what Oracle advises. It exists, like CONNECT and RESOURCE, solely for demonstration purposes, just as does SCOTT/TIGER.
Dropping privs from SYS, if it is possible, is preposterous on its face as anyone logged on as SYS could always grant them again at will. If you want fool-proof security this is not the way to achieve it. You can contact me off-line if you wish and are a U.S. person.
--
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace 'x' with 'u' to respond)

Received on Sun Dec 05 2004 - 12:58:08 CST
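An added example, not part of either post: read-only audit queries showing which accounts reach the DBA role (directly or through nested roles) and which grants carry the ADMIN option the analysis tool flagged. It assumes the session can read the standard data dictionary views DBA_ROLE_PRIVS, DBA_SYS_PRIVS and DBA_USERS, and a release that supports CONNECT_BY_ROOT (10g or later).

```sql
-- 1. Accounts that hold the DBA role, directly or via a chain of nested roles.
--    The walk starts at real user accounts and follows role-to-role grants;
--    only the rows where the chain ends at DBA are kept.
SELECT DISTINCT
       CONNECT_BY_ROOT rp.grantee                   AS account,
       SYS_CONNECT_BY_PATH(rp.granted_role, ' -> ') AS role_path
FROM   dba_role_privs rp
WHERE  rp.granted_role = 'DBA'
START WITH rp.grantee IN (SELECT username FROM dba_users)
CONNECT BY PRIOR rp.granted_role = rp.grantee
ORDER  BY account;

-- 2. System privileges granted WITH ADMIN OPTION, i.e. grants whose holder
--    can pass the privilege on to others. Rows for SYS and DBA are the ones
--    the original question is about; other grantees deserve the closer look.
SELECT sp.grantee,
       sp.privilege
FROM   dba_sys_privs sp
WHERE  sp.admin_option = 'YES'
ORDER  BY sp.grantee, sp.privilege;

-- 3. Roles granted WITH ADMIN OPTION: the grantee can grant or revoke
--    the role itself, so it is reported alongside the system privileges.
SELECT rp.grantee,
       rp.granted_role
FROM   dba_role_privs rp
WHERE  rp.admin_option = 'YES'
ORDER  BY rp.grantee, rp.granted_role;
```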