• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1991
  • Last Modified:

Privileges and roles usage check before removal.

Hello,
we're going to implement the principle of the least privileges granted in an Oracle database.
How can we determine if a role or privilege granted some time ago is used these days. For example an year ago SELECT_CATALOG_ROLE was granted to application user ACCOUNTING. How can we determine what privileges are used through this role( SELECT_CATALOG_ROLE) and grant the privileges explicitely and revoke the role from user ACCOUNTING. We tried DBA_DEPENDENCIES but is it the right one ? Something else? Auditing or .... ?

Thank You!
0
adrian_ang
Asked:
adrian_ang
1 Solution
 
ramumorlaCommented:
DBA_DEPENDENCIES is the right thing. Auditing is only for auditing lik ewho did what , why and when
0
 
adrian_angAuthor Commented:
Moderator, please delete my question and refund the points. We used a test environment and using test plans automated the check what privileges are not needed. We also used auditing to determine which prvileges are used, there is privilege usage auditing which logs which privileges are used while a  statement is executed.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now