Re: Default user permissions

On 09/11/11 18:28, Joel.Patterson@xxxxxxxxxxx wrote:

> The other great third party vendor recommendations is to grant DBA, (or 
> actually both at same time, thus giving the DBA an immediate 'ah oh, somebody 
> doesn't know oracle moment'.   Third parties want their product to seem easy 
> to install, maintain and use, and appear to work out of the box: -- security 
> and safety not a concern for them, selling the product is the goal.  'God' 
> rights work pretty good for that, and last long enough to settle it.
Tell me about it! I have supported applications that required DBA, 
CONNECT and RESOURCE - and yes, I have that "hmmm" moment when I read that.

I usually send a "bug" report back to the vendor asking them to specify 
*exactly* what is needed and not what they used in their development.

So far, I'be had one solitary vendor do the work and figure it all out. 
The rest state that if we don't assign those exact privs, they won't 
support the application. Which makes me thing, probably correctly, that 
they *really* don't have a clue about Oracle - especially when you point 
out the overlaps - they still insist on all three.

That's when we get the security teams involved - nasty! ;-)


Cheers,
Norm.

-- 
Norman Dunbar
Dunbar IT Consultants Ltd

Registered address:
Thorpe House
61 Richardshaw Lane
Pudsey
West Yorkshire
United Kingdom
LS28 7EL

Company Number: 05132767
--
http://www.freelists.org/webpage/oracle-l


Other related posts: