Do you make use of proxy users ?
Do you have any users with this privilege ?
Regards
Jonathan Lewis
________________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> on behalf
of Charlotte Hammond <dmarc-noreply@xxxxxxxxxxxxx>
Sent: 04 November 2019 18:36
To: dmarc-noreply@xxxxxxxxxxxxx; Stefan Knecht
Cc: Oracle-L Freelists
Subject: Re: Where is this Privilege coming from?
Hi Stefan,
Yes - VPD is in use. We see EXEMPT ACCESS POLICY in the audit trail when any
of the tables with a policy on it is accessed by this user. So that makes
sense. But I just can't figure out how it is getting the privilege in the
first place.
Thanks,
Charlotte
On Monday, November 4, 2019, 06:12:28 PM GMT, Stefan Knecht
<knecht.stefan@xxxxxxxxx> wrote:
Are you using VPD in that database?
On Tue, Nov 5, 2019 at 12:36 AM Charlotte Hammond
<dmarc-noreply@xxxxxxxxxxxxx<mailto:dmarc-noreply@xxxxxxxxxxxxx>> wrote:
Hello All,
In my database audit trail I can see lots of entries for use of the privilege
"EXEMPT ACCESS POLICY" (PRIV_USED) for a particular database user (a shared
account used by the front end application - sessions are created/destroyed
dynamically through the day). The RETURNCODE is 0 for these entries.
However this database user does not have this privilege granted to them either
directly or through a role (and the 1 role they have does not have any system
privileges). Also, if I log in directly as this database user using sqlplus I
do not have this privilege. I presume the application is doing something
special when it creates the session but I cannot think what!
So where is this privilege coming from to appear in the audit trail? Any
suggestions on how to track this down much appreciated!
Thanks,
Charlotte
--
//
zztat - The Next-Gen Oracle Performance Monitoring and Reaction Framework!
Visit us at zztat.net<http://zztat.net/> | @zztat_oracle |
fb.me/zztat<http://fb.me/zztat> | zztat.net/blog/<http://zztat.net/blog/>
--
//www.freelists.org/webpage/oracle-l
