Database Install/Upgrade/Opatch (MOSC)

MOSC Banner

example REVOKE ALL ON DBA_ FROM <Non-DBA/SYS grantee>;

edited Oct 21, 2015 12:59AM in Database Install/Upgrade/Opatch (MOSC) 3 commentsAnswered

Hi!

I use security recomendation for oracle 11.2.0.4:

audit:

SELECT * FROM DBA_TAB_PRIVS

WHERE TABLE_NAME LIKE 'DBA_%'

and GRANTEE NOT IN ('APEX_030200','APPQOSSYS','AQ_ADMINISTRATOR_ROLE','CTXSYS',

'EXFSYS','MDSYS','OLAP_XS_ADMIN','OLAPSYS','ORDSYS','OWB$CLIENT','OWBSYS',

'SELECT_CATALOG_ROLE','WM_ADMIN_ROLE','WMSYS','XDBADMIN','LBACSYS',

'ADM_PARALLEL_EXECUTE_TASK','CISSCANROLE');

result:

GRANTEE    OWNER      TABLE_NAME                               GRANTOR    PRIVILEGE       GRA      HIE

---------- ----- ------------------------------ ---------- ---------- --- ---

PUBLIC          SYS             DBA_AUTO_SEGADV_CTL            SYS             SELECT          NO       NO

Remediation:

Replace <non-DBA/SYS grantee>, in the query below, with the Oracle login(s) or role(s) returned from the

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center