?
Solved

security related tables/views in oracle RDBMS

Posted on 2013-06-03
4
Medium Priority
?
506 Views
Last Modified: 2013-06-18
I am trying to document some useful security related tables in Oracle RDBMS that would be of interest to auditors to create an account with read only access permissions to query those. Can you detail which are the main security related tables/views in oracle (so perhaps those with account information, permission information, physical file information (i.e. where is the database), etc.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 35

Accepted Solution

by:
johnsone earned 2000 total points
ID: 39216295
Typically, auditors that I have run into need the information from these views:

DBA_USERS
DBA_TAB_PRIVS
DBA_SYS_PRIVS
DBA_ROLE_PRIVS


If you are looking for where files are located, that would be:

DBA_DATA_FILES
DBA_TEMP_FILES
0
 
LVL 3

Author Comment

by:pma111
ID: 39216323
Are the password hashes in dba_users ?
0
 
LVL 3

Author Comment

by:pma111
ID: 39216326
Which table stores details about password management policies? And how can you marry up which accounts are subject to which password policies?
0
 
LVL 35

Expert Comment

by:johnsone
ID: 39216459
Yes, the hashed passwords are in DBA_USERS.

The password policy is a function of the profile that the user is assigned to.  You should see that in DBA_USERS as well.  Then you need DBA_PROFILES to be able to see what the settings are.  If you have a password verification function, you are going to have to pull the code for that yourself from DBA_SOURCE, the name of the function should be in the profile.
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This video shows how to Export data from an Oracle database using the Datapump Export Utility.  The corresponding Datapump Import utility is also discussed and demonstrated.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question