Our security folks are pushing us to lock the "oracle" account and use OPAM. Have others done this? Is it possible?
What they are hoping we do is create a named account, and only su into oracle if need be. I realise these doesnt audit much of anything .. but alas..
If we lock "oracle" - can OEM pull passwords from OPAM? I think thats what they are looking for us to do. OPAM would rotate passwords and such. We as dbas should never need to know the oracle password.