example REVOKE ALL ON DBA_ FROM <Non-DBA/SYS grantee>;
Hi!
I use a security recommendation for Oracle 11.2.0.4:
Audit:
SELECT * FROM DBA_TAB_PRIVS
WHERE TABLE_NAME LIKE 'DBA_%'
and GRANTEE NOT IN ('APEX_030200','APPQOSSYS','AQ_ADMINISTRATOR_ROLE','CTXSYS',
'EXFSYS','MDSYS','OLAP_XS_ADMIN','OLAPSYS','ORDSYS','OWB$CLIENT','OWBSYS',
'SELECT_CATALOG_ROLE','WM_ADMIN_ROLE','WMSYS','XDBADMIN','LBACSYS',
'ADM_PARALLEL_EXECUTE_TASK','CISSCANROLE');
Result:
GRANTEE    OWNER TABLE_NAME                     GRANTOR    PRIVILEGE  GRA HIE
---------- ----- ------------------------------ ---------- ---------- --- ---
PUBLIC     SYS   DBA_AUTO_SEGADV_CTL            SYS        SELECT     NO  NO
Remediation:
Replace <non-DBA/SYS grantee>, in the query below, with the Oracle login(s) or role(s) returned from the