Re: Oracle Auditing Recommendations

  • From: Rodd Holman <Rodd.Holman@xxxxxxxxx>
  • To: "Terrian, Tom (Contractor) (J6D)" <Tom.Terrian.ctr@xxxxxxx>
  • Date: Tue, 08 Aug 2006 12:27:50 -0500

We handle both operations and development.
We do a lot of cloning and creating of the db's
for dev and testing environments.  As far as sys
goes, most of the time we go in as the oracle user
and just / as sysdba.  This has the same
security implication as SYS/password as sysdba.

Normally we are only in as SYS during create/clone
and startup and shutdown operations.  It's
actually VERY sparingly used by the DBA group.
We're a rather paranoid bunch about going in
with that much access ourselves.  It's too
easy to do something damaging.


Terrian, Tom (Contractor) (J6D) wrote:
> Curious, since we lock and expire the sys account on all of our
> databases, what reason did you give your bosses as to why you needed the
> sys password?
> 
> -----Original Message-----
> From: oracle-l-bounce@xxxxxxxxxxxxx
> [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Rodd Holman
> Sent: Tuesday, August 08, 2006 1:02 PM
> To: Niall Litchfield
> Cc: gorbyx@xxxxxxxxx; rjamya@xxxxxxxxx; AGUERRA@xxxxxxxxx;
> oracle-l@xxxxxxxxxxxxx
> Subject: Re: Oracle Auditing Recommendations
> 
> It was a risk; senior management read it as a problem.
> I'm sure that's not a surprise to anyone.  We had to
> go through some detailed explanations with the C-level
> execs about what we did as DBA's and why we needed
> the password (actually our boss got that fun task). :)
> We're a group of 5 DBA's and access as SYS or
> oracle (at the unix level) is recorded.  We don't
> get root; that's reserved for SA's.  That was another
> dance our boss had to do also.  SA's having
> root access to the servers was another item on
> the report. :)
> 
> Yes, knowing the password is a risk.
> Having access to the server room is a risk.
> Crossing the street is a risk.  Our job is not
> risk avoidance, but risk management.  Assessing the
> level of risk vs. the cost of mitigating workarounds.
> 
> --
> //www.freelists.org/webpage/oracle-l