RE: Oracle lockdown, agents, and EM Jobs
- From: "Herring, David" <HerringD@xxxxxxx>
- To: "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 18 Jun 2014 17:18:40 -0500
Options:
1) Every DBA has their own .bash_profile created as a copy of Oracle's. This
is what I started with thinking it was simple but after one week I've found 2
examples where DBAs didn't bother to follow this rule. I can't control them
and have no authority to force them to do anything other than the bare minimum
of their job.
2) Open permissions on /user/oracle (710) and /user/oracle/.bash_profile (750)
so that each EM Job could issue at the start: ". ~oracle/.bash_profile". So
whether daveh or markb or timg have their credentials set for the target, all
can execute Oracle's .bash_profile and we're fine.
Everything else I've come up with is a variation on the above 2 options, either
modifying DBA .bash_profiles in some way or something within Oracle's home
directory that requires permissions to be relaxed a bit.
Does this make sense?
Am I making this overly complex?
Anyone else in a similar situation and have a better solution?
Dave Herring
--
//www.freelists.org/webpage/oracle-l
Other related posts:
- » Oracle lockdown, agents, and EM Jobs- Herring, David
- » RE: Oracle lockdown, agents, and EM Jobs - Herring, David
- » Re: Oracle lockdown, agents, and EM Jobs- De DBA
- » Re: Oracle lockdown, agents, and EM Jobs- Seth Miller
- » RE: Oracle lockdown, agents, and EM Jobs- Herring, David
- » RE: Oracle lockdown, agents, and EM Jobs- Herring, David
- » Re: Oracle lockdown, agents, and EM Jobs- Seth Miller
- » RE: Oracle lockdown, agents, and EM Jobs- Herring, David
- » RE: Oracle lockdown, agents, and EM Jobs- Peter Sharman
- » RE: Oracle lockdown, agents, and EM Jobs- Herring, David
