[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1990
  • Last Modified:

Privileges and roles usage check before removal.

Hello,
we're going to implement the principle of the least privileges granted in an Oracle database.
How can we determine if a role or privilege granted some time ago is used these days. For example an year ago SELECT_CATALOG_ROLE was granted to application user ACCOUNTING. How can we determine what privileges are used through this role( SELECT_CATALOG_ROLE) and grant the privileges explicitely and revoke the role from user ACCOUNTING. We tried DBA_DEPENDENCIES but is it the right one ? Something else? Auditing or .... ?

Thank You!
0
adrian_ang
Asked:
adrian_ang
1 Solution
 
ramumorlaCommented:
DBA_DEPENDENCIES is the right thing. Auditing is only for auditing lik ewho did what , why and when
0
 
adrian_angAuthor Commented:
Moderator, please delete my question and refund the points. We used a test environment and using test plans automated the check what privileges are not needed. We also used auditing to determine which prvileges are used, there is privilege usage auditing which logs which privileges are used while a  statement is executed.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now