Hi Dex, As per security point of view you should be aware of security policies. Yes you are try abotu DBM_RANDOM package as this is again one of the issue.. and you should revoke the public privilege from this package too.. Yes roles should be password protected, but listen one thing... breaking database is very easy upto certain extent. Regards, Sunil Bhola "J. Dex" <cemail_219@xxxxxxxxxxx> wrote: For those of you who have had security audits, I am wondering about a couple of things..... Does it matter if standard Oracle roles are NOT password protected? Does it only need to be non-standard roles that are password protected? PUBLIC typically has some execute privileges, dbms_random, etc. Will it adversely effect anything if those privileges are revoked? _________________________________________________________________ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement -- //www.freelists.org/webpage/oracle-l QUERIES in Oracle, Feel free to Join: http://groups.yahoo.com/group/oracle_expert/ Regards, Sunil Bhola Oracle_Expert, Moderator --------------------------------- What are the most popular cars? Find out at Yahoo! Autos