I'm glad you brought up the issue of auditing. Let me focus on the technical aspect of it, and leave the non-technical discussion to managers or whoever interested. When you execute procedure anotheruser.procedurename as sys to create the db link in his schema, dba_audit_trail by default will not record it (assuming "audit create database link" was done earlier). It *is* a problem for auditing. If that's the concern, or inconvenience in finding who did it, then the DBAs should always use this trick when logged on as a DBA but not sys such as system, because dba_audit_trail.username will show "SYSTEM" for this action. Alternatively, just enable audit_sys_operations if sys should be monitored. Yong Huang --- Mark Brinsmead <pythianbrinsmead@xxxxxxxxx> wrote: > Yes. You can use this trick to do just about anything as any user -- all > you need is create any procedure and execute any procedure. > > Of course, if auditors are likely to complain about (mis-)use of ALTER USER, > what are they likely to say about this. > > Apply caution -- in may places performing actions like either of these > without proper authorization can be firing offenses, or worse, could even > result in criminal prosecution! (And simply having the necessary privileges > is *not* authorization!) > > On Thu, Aug 21, 2008 at 4:09 PM, Jared Still <jkstill@xxxxxxxxx> wrote: > > > Clever solution. > > > > On Thu, Aug 21, 2008 at 1:54 PM, Yong Huang <yong321@xxxxxxxxx> wrote: > > > >> What I usually do to create a private DB link or stop or start another > >> user's > >> DBMS job, is to create a temporary procedure in that schema: > >> > >> conn system > >> create or replace procedure yhuang.p as > >> begin > >> execute immediate 'create database link remotedb > >> connect to remoteuser identified by thepassword using ''remotedb'''; > >> end; > >> / > >> exec yhuang.p > >> drop procedure yhuang.p; > >> > >> The advantage is you don't change that user's password even for a > >> subsecond. So > >> there's no risk in that respect. > >> > >> I wish Oracle would support "create database link theuser.linkname...", or > >> give > >> us a general method as Windows's "Run as" functionality. > >> > >> > > -- > > Jared Still > > Certifiable Oracle DBA and Part Time Perl Evangelist > > > > > > > -- > Cheers, > -- Mark Brinsmead > Senior DBA, > The Pythian Group > http://www.pythian.com/blogs > -- //www.freelists.org/webpage/oracle-l