We just completed an external audit and one of the findings from the auditors is that DBAs should not have cron rights in Unix. The finding basically stated that a DBA could schedule something to run malicious code from cron and therefore is a security threat. Frankly, I don't see how that's much different from just running the script interactively. Unless the DBA is kicked off the Unix server period..... I'm curious if other sites have restricted DBA's access to such a point that they no longer are allowed to develop and promote shell scripts for databases. This is supposed to be a 'segregation' of duties, but it seems to me that if you are going to run a script that is in the 'DBA' group then what's really happened is that access is now opened up to the UNIX administrators (considering they are a separate job). K Kaylor Database Administration RSA *********************************************************************************** Notice of Confidentiality This transmission (including attachments) contains information that may be privileged, confidential and protected from disclosure. Unless you are the intended recipient of the message (or authorized to receive it for the intended recipient) you may not copy, forward, or otherwise use it, or disclose it or its contents to anyone. If you received this transmission in error please notify us immediately, permanently delete the transmission(including attachments) from your system, and destroy all hard copies. Thank you. Email: security_usa@xxxxxxxxxx *********************************************************************************** -- //www.freelists.org/webpage/oracle-l