example REVOKE ALL ON DBA_ FROM <Non-DBA/SYS grantee>;

Hi!

I use security recomendation for oracle 11.2.0.4:

audit:

SELECT * FROM DBA_TAB_PRIVS

WHERE TABLE_NAME LIKE 'DBA_%'

and GRANTEE NOT IN ('APEX_030200','APPQOSSYS','AQ_ADMINISTRATOR_ROLE','CTXSYS',

'EXFSYS','MDSYS','OLAP_XS_ADMIN','OLAPSYS','ORDSYS','OWB$CLIENT','OWBSYS',

'SELECT_CATALOG_ROLE','WM_ADMIN_ROLE','WMSYS','XDBADMIN','LBACSYS',

'ADM_PARALLEL_EXECUTE_TASK','CISSCANROLE');

result:

GRANTEE    OWNER      TABLE_NAME                               GRANTOR    PRIVILEGE       GRA      HIE

---------- ----- ------------------------------ ---------- ---------- --- ---

PUBLIC          SYS             DBA_AUTO_SEGADV_CTL            SYS             SELECT          NO       NO

Remediation:

Replace <non-DBA/SYS grantee>, in the query below, with the Oracle login(s) or role(s) returned from the