Oracle Clusterware has a powerful system of permissions (similar to unix
permissions on an user/group/app RWX matrix) for resources - that might
help.
Martin
2015-05-30 0:12 GMT+02:00 Stefan Knecht <knecht.stefan@xxxxxxxxx>:
To add to what Jared has already said, perhaps even use a set of scripts
to enable very specific functionality via sudo, instead of granting access
to all functions of e.g. srvctl, crsctl, etc...
On May 29, 2015 9:53 PM, "Jared Still" <jkstill@xxxxxxxxx> wrote:
On Fri, May 29, 2015 at 7:38 AM, Chris King <ckaj111@xxxxxxxx> wrote:
What would you recommend as an overall method of granting the least
possible privileges on the linux side? For instance, to restart dbconsole
will require login as oracle, which I'd rather avoid giving away, but not
sure that's possible.
If the number of commands they need to run as oracle is limited, don't
give them the oracle login, setup sudo instead.
