Re: Restricting VPD from SYS

• From: Tim Gorman <tim@xxxxxxxxx>
• To: oracle-l@xxxxxxxxxxxxx
• Date: Thu, 30 Aug 2012 13:18:37 -0600

Deepak,

Short answer:  No.

Your problem is not with VPD, but with whoever is connecting to the 
database as SYS.  Nobody should be logging into SYS (or connecting "AS 
SYSDBA") except to perform installation, upgrade, patching, etc.

I strongly suggest immediately changing the passwords for all SYSDBA 
database accounts as well as the OS account owning the Oracle 
installation, and lock them out.  Then, create non-SYSDBA and non-DBA 
accounts for them to use instead.

Good luck!

-Tim

On 8/30/2012 12:50 PM, Deepak Sharma wrote:
> Hi,
> We have VPD enforced on a schema for few tables, but when logged-in as SYS, 
> we can view those table's data.
>
> Is there a way (workaround) to restrict SYS from viewing the VPD-related 
> tables?
>
> Already tried "REVOKE EXEMPT ACCESS POLICY FROM SYS;"
>
> Thanks,
> Deepak
>
> --
> //www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l

• Follow-Ups:
  • Re: Restricting VPD from SYS
    • From: Senthil Subramanian

• References:
  • Restricting VPD from SYS
    • From: Deepak Sharma

Other related posts:

• » Restricting VPD from SYS- Deepak Sharma
• » Re: Restricting VPD from SYS - Tim Gorman
• » Re: Restricting VPD from SYS- Senthil Subramanian

1. Home
2. oracle-l
3. Archive
4. 08-2012

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---