"Smith, Ron L." wrote: > > We are being asked by Auditing to stop using the SYS, and SYSTEM > accounts. They would like for us to create an Oracle Role with the same > permissions a SYS and SYSTEM, then grant the role to each of the DBA's. > Don't ask me why. Nothing is being audited in 99% of the databases. > They just say it in a paper some where so they said we shouldn't use it. > This seems like it would cause lots of problems with exports, imports, > installs, etc... Has anyone had to deal with this type of request? Any > potential problems with making the change? > > Thanks! > Ron Smith > --
I agree about SYS, but I don't have any problem with SYSTEM, which for the ownership of PRODUCT_USER_PROFILE and perhaps a couple of other dictionary-related tables, views or package is as equal a DBA as any other (SYS excepted). I like having an externally identified DBA account for running all those cron scripts etc., but on the other hand I am not in favour of unduly multiplying DBAs. This is pushing democracy too far for my taste. The more DBAs you have, the more chances you take of having an easy-to-guess or leaked password. -- Regards, Stephane Faroult Oriole Software -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Stephane Faroult INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
