Solved

Privileges and roles usage check before removal.

Posted on 2007-04-10
5
1,981 Views
Last Modified: 2013-12-18
Hello,
we're going to implement the principle of the least privileges granted in an Oracle database.
How can we determine if a role or privilege granted some time ago is used these days. For example an year ago SELECT_CATALOG_ROLE was granted to application user ACCOUNTING. How can we determine what privileges are used through this role( SELECT_CATALOG_ROLE) and grant the privileges explicitely and revoke the role from user ACCOUNTING. We tried DBA_DEPENDENCIES but is it the right one ? Something else? Auditing or .... ?

Thank You!
0
Comment
Question by:adrian_ang
5 Comments
 
LVL 4

Accepted Solution

by:
ramumorla earned 250 total points
ID: 18887205
DBA_DEPENDENCIES is the right thing. Auditing is only for auditing lik ewho did what , why and when
0
 
LVL 5

Author Comment

by:adrian_ang
ID: 19608938
Moderator, please delete my question and refund the points. We used a test environment and using test plans automated the check what privileges are not needed. We also used auditing to determine which prvileges are used, there is privilege usage auditing which logs which privileges are used while a  statement is executed.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Oracle -- identify blocking session 24 52
ORA-06504: PL/SQL: Return types of Result Set variables or query do not match 4 109
oracle 11g 23 82
PL SQL Developer 7 35
Working with Network Access Control Lists in Oracle 11g (part 1) Part 2: http://www.e-e.com/A_9074.html So, you upgraded to a shiny new 11g database and all of a sudden every program that used UTL_MAIL, UTL_SMTP, UTL_TCP, UTL_HTTP or any oth…
Truncate is a DDL Command where as Delete is a DML Command. Both will delete data from table, but what is the difference between these below statements truncate table <table_name> ?? delete from <table_name> ?? The first command cannot be …
Via a live example show how to connect to RMAN, make basic configuration settings changes and then take a backup of a demo database
This video shows syntax for various backup options while discussing how the different basic backup types work.  It explains how to take full backups, incremental level 0 backups, incremental level 1 backups in both differential and cumulative mode a…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question