Actually, I see the problem as stemming from two different requirements a) As part of IT Security Policies not scripts should store username/password combinations unless the password is encrypted using standard protocols. b) As part of our SOX Controls [ie, in the SOPs] "root" and Super-User {ie "oracle"} accounts are not to be used. Only Named Administrative User accounts are to be used. [The Unix Admin team has agreed not to use "root" but I will be pushing for permission to use "oracle" and SYSDBA. {obviously, remote_login as SYSDBA is not to be allowed}.] All usage of Administrative accounts must be logged. The first prevents me from using simple script files {unless I am able to use hide.c, but I am not sure I want to use hide.c for Hot Backup etc scripts which I would want to setup with a SYSDBA acount. Other monitoring scripts also require DBA/CATALOG privileges}. The second prevents me from using SYSDBA, and, furthermore, CRON jobs as SYSDBA would cause many entries in the OS audit trail files {eg $ORACLE_HOME/rdbms/audit}, each of which I'd have to explain. I am hoping that I meet auditors who understand when and where and why I use SYSDBA. Hemant At 10:22 PM Saturday, Mohammad Rafiq wrote: >Hemant, >Where did you find this requirement? >We are having more then 20 SOX compliant databases and running our >jobs as either SYSDBA on Windows and *nix as well but not seen any >objection from our internal or external auditors so far... > >Regards >Rafiq > >On 5/13/05, Hemant K Chitale <hkchital@xxxxxxxxxxxxxx> wrote: > > > > How do you run CRON jobs {Online Backups, DB Monitoring} on Database > Servers > > when IT Security / SOX requirements state that > > a) No userid-password pairs are to be kept in plain-text in any files > > b) connect / as sysdba is not to be used > > > > I can handle a) with CRON jobs running under the "oracle" account with > > "connect / as sysdba" > > at the beginning of SQL scripts. I can handle b) if I hard code a > > userid/password with the > > appropriate privileges. How do I handle both requirements ? > > > > Hemant K Chitale Hemant K Chitale http://web.singnet.com.sg/~hkchital -- //www.freelists.org/webpage/oracle-l