Solved

security related tables/views in oracle RDBMS

Posted on 2013-06-03
4
502 Views
Last Modified: 2013-06-18
I am trying to document some useful security related tables in Oracle RDBMS that would be of interest to auditors to create an account with read only access permissions to query those. Can you detail which are the main security related tables/views in oracle (so perhaps those with account information, permission information, physical file information (i.e. where is the database), etc.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 35

Accepted Solution

by:
johnsone earned 500 total points
ID: 39216295
Typically, auditors that I have run into need the information from these views:

DBA_USERS
DBA_TAB_PRIVS
DBA_SYS_PRIVS
DBA_ROLE_PRIVS


If you are looking for where files are located, that would be:

DBA_DATA_FILES
DBA_TEMP_FILES
0
 
LVL 3

Author Comment

by:pma111
ID: 39216323
Are the password hashes in dba_users ?
0
 
LVL 3

Author Comment

by:pma111
ID: 39216326
Which table stores details about password management policies? And how can you marry up which accounts are subject to which password policies?
0
 
LVL 35

Expert Comment

by:johnsone
ID: 39216459
Yes, the hashed passwords are in DBA_USERS.

The password policy is a function of the profile that the user is assigned to.  You should see that in DBA_USERS as well.  Then you need DBA_PROFILES to be able to see what the settings are.  If you have a password verification function, you are going to have to pull the code for that yourself from DBA_SOURCE, the name of the function should be in the profile.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
Read about achieving the basic levels of HRIS security in the workplace.
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.
This video shows how to recover a database from a user managed backup

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question