Solved

Privileges and roles usage check before removal.

Posted on 2007-04-10
5
1,985 Views
Last Modified: 2013-12-18
Hello,
we're going to implement the principle of the least privileges granted in an Oracle database.
How can we determine if a role or privilege granted some time ago is used these days. For example an year ago SELECT_CATALOG_ROLE was granted to application user ACCOUNTING. How can we determine what privileges are used through this role( SELECT_CATALOG_ROLE) and grant the privileges explicitely and revoke the role from user ACCOUNTING. We tried DBA_DEPENDENCIES but is it the right one ? Something else? Auditing or .... ?

Thank You!
0
Comment
Question by:adrian_ang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 4

Accepted Solution

by:
ramumorla earned 250 total points
ID: 18887205
DBA_DEPENDENCIES is the right thing. Auditing is only for auditing lik ewho did what , why and when
0
 
LVL 5

Author Comment

by:adrian_ang
ID: 19608938
Moderator, please delete my question and refund the points. We used a test environment and using test plans automated the check what privileges are not needed. We also used auditing to determine which prvileges are used, there is privilege usage auditing which logs which privileges are used while a  statement is executed.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Working with Network Access Control Lists in Oracle 11g (part 2) Part 1: http://www.e-e.com/A_8429.html Previously, I introduced the basics of network ACL's including how to create, delete and modify entries to allow and deny access.  For many…
How to Unravel a Tricky Query Introduction If you browse through the Oracle zones or any of the other database-related zones you'll come across some complicated solutions and sometimes you'll just have to wonder how anyone came up with them.  …
This video explains at a high level about the four available data types in Oracle and how dates can be manipulated by the user to get data into and out of the database.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question