On 7/13/05, RSL <rob.langmuir@xxxxxxxxxxxxxxx> wrote: > We have a third-party application, which as part of installation process, > uses it's own Unix account to create/startup Oracle database/instance. They > also want to start a listener with this account. > > In the future we plan to add our own instances/databases, and these will all > be started/created using Oracle account. > > > I don't much like the idea of having two separate unix accounts involved in > creating database(s) and starting instances. > > Although there is no practical reason why this can't be done, can you please > offer any reasons why you wouldn't /shouldn't do this. > > Thanks..../Bob Bob, Since you are supporting multiple databases on a single server, I highly recommend the use of different accounts owning different databases and their filesystems so that privilege separation can be used. In this matter, a cloning exercise of a test database from production can be carried out under the credentials of an account that has read permissions on the backup staging directory (user-managed "hot" backup) and its archived redo logs - without the ability to write to the filesystems of the production databases. Have you ever heard of a dba running a CREATE CONTROLFILE script for a test database that was edited less than perfectly ... overwriting the production database's datafiles? With privilege separation using separate accounts, this is not possible. Its tempting to connect as a account that has dba privs on all databases ... and one might not ever make a mistake that privilege separation could have prevented. I can tell you that it saved my behind on one occassion - and it would have prevented me from trashing a datafile of a production database when I was in a hurry (and was sloppy). That happened once and will not happen again. Paul -- //www.freelists.org/webpage/oracle-l