Pau Lo
asked on
oracle queries for password stats and permissions
in oracle 11g, i need to identify a way to list for each db account:
the date the accounts password was set
the last time the account was used to login
the permissions/priveleges granted to the account
any pointers?
the date the accounts password was set
the last time the account was used to login
the permissions/priveleges granted to the account
any pointers?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It all depends on what you mean by elevated privileges. That means different things to different auditors.
You can always look for the DBA role, which should identify your admins:
select grantee from dba_role_privs where granted_role = 'DBA';
Other than that Oracle doesn't give you a way to do it. However, good application designs contain roles for the different types of users it supports and you should be able to identify which users belong to which roles.
You can always look for the DBA role, which should identify your admins:
select grantee from dba_role_privs where granted_role = 'DBA';
Other than that Oracle doesn't give you a way to do it. However, good application designs contain roles for the different types of users it supports and you should be able to identify which users belong to which roles.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok thanks
just looking at those table names, "..sys_privs", "..role_privs", "..tab_privs" what are the "sys privs", "role privs", "tab privs"? Can you give a bit of a beginners guide to
role priveleges
tab priveles
sys priveleges
just looking at those table names, "..sys_privs", "..role_privs", "..tab_privs" what are the "sys privs", "role privs", "tab privs"? Can you give a bit of a beginners guide to
role priveleges
tab priveles
sys priveleges
>>Can you give a bit of a beginners guide to
The online docs have everything you need. All views are described in-depth.
For example:
ROLE_PRIVS:
http://docs.oracle.com/cd/E11882_01/server.112/e25513/statviews_4217.htm#REFRN23230
The online docs have everything you need. All views are described in-depth.
For example:
ROLE_PRIVS:
http://docs.oracle.com/cd/E11882_01/server.112/e25513/statviews_4217.htm#REFRN23230
As slightwv posted, the docs are the best place to go.
The basic idea here is this:
DBA_ROLE_PRIVS - are roles that are granted to another user or role
DBA_TAB_PRIVS - are object level privileges granted to a user or role
DBA_SYS_PRIVS - are system level privileges granted to a user or role
There is also a good overview in the documentation for the GRANT statement:
http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_9013.htm#i2155015
The basic idea here is this:
DBA_ROLE_PRIVS - are roles that are granted to another user or role
DBA_TAB_PRIVS - are object level privileges granted to a user or role
DBA_SYS_PRIVS - are system level privileges granted to a user or role
There is also a good overview in the documentation for the GRANT statement:
http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_9013.htm#i2155015
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER