Re: limited DBA privileges

  • From: "Dennis Williams" <oracledba.williams@xxxxxxxxx>
  • To: Mark.Cochran@xxxxxxxxxxx
  • Date: Tue, 29 Apr 2008 22:01:57 -0500

Mark,

I think there are many people on the list who have had to deal with this.
You know how those wild DBAs took down Enron and other big companies a few
years ago, so Congress passed SoX to control their excesses. I'm guessing
that is the basis of your questions.

First, the newer versions of Oracle like 10g provide more security support,
such as VPD, FGA, and encryption.
Second, lock SYSTEM and SYS. Create OPS$ accounts for your administrators.
That way activities can be tracked to an individual.
You could probably decide exactly which privileges a DBA needs, but that may
be an exercise in futility.
Third, turn on auditing, whisk the audit records immediately to another
system, and stick someone in quality with the responsibility for reading
those audit records.

Take a look at Fine Grained Auditing in 10g to see if that will meet your
requirements.

Dennis Williams
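
The steps in the message above, as an added example that is not part of the original post: a SQL*Plus sketch for Oracle 10g Release 2, run as a SYSDBA. The OS user jsmith, the HR.EMPLOYEES table with its SALARY column, the policy name and the syslog facility are constructed placeholders.

```sql
-- Added example. Names marked (constructed) are assumptions, not from the post.

-- Lock the shared built-in accounts so work is done under named logins.
ALTER USER system ACCOUNT LOCK;
ALTER USER sys ACCOUNT LOCK;

-- One externally authenticated account per administrator.
-- With the default os_authent_prefix of OPS$, OS user "jsmith" (constructed)
-- maps to OPS$JSMITH, so every audit record carries an individual's name.
CREATE USER ops$jsmith IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO ops$jsmith;
GRANT dba TO ops$jsmith;  -- or a narrower role, if you take on that exercise

-- Write audit records outside the database and hand them to syslog, which
-- can forward them to another host. Static parameters: restart required.
ALTER SYSTEM SET audit_trail = OS SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;  -- SYSDBA/SYSOPER actions
ALTER SYSTEM SET audit_syslog_level = 'LOCAL1.WARNING' SCOPE = SPFILE;  -- facility (constructed)

-- Standard auditing of logons and of account and privilege changes.
AUDIT SESSION;
AUDIT USER BY ACCESS;
AUDIT SYSTEM GRANT BY ACCESS;

-- Fine Grained Auditing: record any statement that touches SALARY,
-- including the SQL text and bind values.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',               -- (constructed)
    object_name     => 'EMPLOYEES',        -- (constructed)
    policy_name     => 'AUD_EMP_SALARY',   -- (constructed)
    audit_column    => 'SALARY',           -- (constructed)
    statement_types => 'SELECT,UPDATE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);
END;
/

-- What the reviewer reads: who touched the column, when, and with what SQL.
SELECT db_user, os_user, timestamp, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'AUD_EMP_SALARY'
 ORDER BY timestamp;
```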
