Ron -- Why do you need SYS or SYSTEM to do full exports and imports? I'll grant that there are those odd times when you need to use SYS and SYSTEM, but not then. Anybody with DBA granted to them can do full exports/imports. I'm doing it right now, as a matter of fact... with fromuser/touser toboot!
Bambi. -----Original Message----- Sent: Wednesday, November 12, 2003 4:24 PM To: Multiple recipients of list ORACLE-L Where we work, there is one DBA responsible for each database. Each DBA is responsible for dozens of databases, servers, and applications. The only time another DBA is in one of my databases is when I am out of the office and can't get to a phone line or network connection. We never use SYS but it was included in the audit so I included it in the question. We still have to use SYS and SYSTEM for database creates, full exports, imports, etc... The only thing I can see creating a dummy SYSTEM account would do is to add one more userid and dozens of new passwords to the database and more work for an already short handed staff. Ron Smith -----Original Message----- Sent: Wednesday, November 12, 2003 3:59 PM To: Multiple recipients of list ORACLE-L Hi Ron, I just starte to write an answer to agree with your auditor based on accountability and i saw Arup's answer come through so I have deleted my answer and just say i concur whole heartedly with Arup. I also conduct oracle security audits and i suggest to clients not to use SYS or SYSTEM for day to day work. kind regards Pete -- Pete Finnigan email:[EMAIL PROTECTED] Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Pete Finnigan INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Smith, Ron L. INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Bellow, Bambi INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
