RE: Looking for opinions...
- From: "Hostetter, Jay M" <JHostetter@xxxxxxxxxxxxxxxxxxxx>
- To: <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 14:10:09 -0500
"Situation is a "generic" database account that too many people know the
password to. But they need to know the password for valid business
reasons. "
You would have to argue long and hard to convince me there are valid
business reasons. If this were an in-scope SOX database, could you
convince the auditors that these people need to access this account?
I've never been able to do it.
Jay
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Sweetser, Joe
Sent: Thursday, January 31, 2008 11:38 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Looking for opinions...
Situation is a "generic" database account that too many people know the
password to. But they need to know the password for valid business
reasons. Does it make more sense to limit that account's access to its
own tables or create a new account(s) and grant those the specific
access they need? I like the second option for various reasons
(auditability (is that a word?) and accountability to name two) but
others think just controlling the generic account's access to objects is
fine. To be a little more clear (and one reason why I don't like the
first option), there would be different privs on different tables -
select only on table A; select, insert on table B; select, update on
Table C; etc. Even with using roles, something just sort of bugs me
about an owner/account not being able to update its own data (read-only
situation exceptions, of course).
Opinions/comments/suggestions? Feel free to send back-channel and I
will summarize since I don't think this falls under a technical
umbrella. :-)
Thanks,
-joe
--
http://www.freelists.org/webpage/oracle-l
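The second option from the original message (named accounts that receive specific per-table access), sketched as an added example that is not part of the thread. It assumes Oracle traditional auditing with AUDIT_TRAIL enabled; the schema, table, role and user names (APP_OWNER, TABLE_A/B/C, APP_ROLE, JSMITH, MJONES) and the passwords are hypothetical placeholders.

```sql
-- Added example, run as a DBA. All object, role and user names are hypothetical.
-- APP_OWNER stands for the existing "generic" account that owns the tables.

-- 1. One role carrying exactly the per-table privileges listed in the message.
CREATE ROLE app_role;
GRANT SELECT         ON app_owner.table_a TO app_role;
GRANT SELECT, INSERT ON app_owner.table_b TO app_role;
GRANT SELECT, UPDATE ON app_owner.table_c TO app_role;

-- 2. One named account per person. The placeholder password must be
--    changed at first login, so nobody else ever knows it.
CREATE USER jsmith IDENTIFIED BY "Placeholder_Pw_1" PASSWORD EXPIRE;
CREATE USER mjones IDENTIFIED BY "Placeholder_Pw_2" PASSWORD EXPIRE;
GRANT CREATE SESSION TO jsmith, mjones;
GRANT app_role       TO jsmith, mjones;

-- 3. Object auditing, so every statement is recorded against the named
--    user instead of the shared account (accountability).
AUDIT SELECT         ON app_owner.table_a BY ACCESS;
AUDIT SELECT, INSERT ON app_owner.table_b BY ACCESS;
AUDIT SELECT, UPDATE ON app_owner.table_c BY ACCESS;

-- 4. Check: the role holds only the intended privileges.
SELECT grantee, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND grantee = 'APP_ROLE'
 ORDER BY table_name, privilege;

-- 5. Check: who currently holds the role.
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE granted_role = 'APP_ROLE'
 ORDER BY grantee;

-- 6. Check: direct grants on the owner's tables that bypass the role.
--    Any row here is access that the role review above would miss.
SELECT grantee, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND grantee NOT IN (SELECT role FROM dba_roles)
 ORDER BY grantee, table_name;
```

The named users reference the tables as APP_OWNER.TABLE_A and so on unless synonyms are created for them.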