Cool. Then just as a suggestion, you might want to consider the "lock and expire indefinitely" approach, as an alternative to deleting accounts. It may offer good "future proofing", if nothing else. When somebody comes along with stringent auditing requirements you will already be equipped. This also avoids nightmare scenarios like the one recently described by Tim Gorman, where dropping an "unused" account can have horrible and unforeseen consequences. (Note: you can get into equal trouble when an account contains critical PL/SQL stored code -- and checking your AWR history for logical reads won't help with that.) Anyway, it's just a thought, of course. Some people would look as this suggestion as "FUD" -- but it would not be the first time I have encountered people who have confused "FUD" and "foresight". :-) Cheers! On Mon, Mar 16, 2015 at 12:56 PM, Leroy Kemnitz <lkemnitz@xxxxxxxx> wrote: > Mark and Nail, > > > > Currently, we have no policy concerning this issue. I am attempting to > ‘create’ or ‘suggest’ a policy that works from the database security > viewpoint. We currently have a need for a lot of various kinds of policies > concerning the databases. This is a starting point. > > > > > > LeRoy > > >