Re: Oracle Auditing Recommendations

  • From: "Alex Gorbachev" <gorbyx@xxxxxxxxx>
  • To: Rodd.Holman@xxxxxxxxx
  • Date: Tue, 8 Aug 2006 18:14:08 +0200

Security Vault gives you the possibility to limit sys privileges. :)
Interesting solution but old as this world. There is another
super-user and it controls data access while sys user is for DBAs to
stop/start/backup/troubleshoot whatever.
Looks like a security system with two keys that should be turned at
the same time to open the lock. :-)

2006/8/8, Rodd Holman <Rodd.Holman@xxxxxxxxx>: 
I'll agree with you for the most part.  However,
when an auditor comes in and reports a discrepancy in that
the DBA's have the SYS password as a problem, I
have to say that's "putting a stamp".  How else do
you create the database if you don't know and give it
the sys password.

Yes, this was a real life audit example.
The auditor who was clueless about what a DBA was
or did, had this checklist of items and just lumped
DBA's in as users and since we knew how to get
at the base level of the DB we were considered an
audit risk.  We all volunteered to give up the
password and go home.  Our boss wasn't impressed.



--
Best regards,
Alex Gorbachev

http://blog.oracloid.com
--
//www.freelists.org/webpage/oracle-l


Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 08-2006