We use BCV Backups to take backups of our Production Environments. We take inconsistent (hot backups) everyday.
We have an os user (unix sun solaris) that sudo's onto the oracle database user (w/o using a password) and then issues commands like:
alter database start backup;
alter database end backup;
alter system archive log current;
This makes the sudo os user a very powerful user and a potential threat.
What other methods can we use to perform the same task. Can we have an Oracle user which has limited rights (e.g. only to issue the 3 commands )