Solved

security related tables/views in oracle RDBMS

Posted on 2013-06-03
4
500 Views
Last Modified: 2013-06-18
I am trying to document some useful security related tables in Oracle RDBMS that would be of interest to auditors to create an account with read only access permissions to query those. Can you detail which are the main security related tables/views in oracle (so perhaps those with account information, permission information, physical file information (i.e. where is the database), etc.
0
Comment
Question by:pma111
  • 2
  • 2
4 Comments
 
LVL 34

Accepted Solution

by:
johnsone earned 500 total points
ID: 39216295
Typically, auditors that I have run into need the information from these views:

DBA_USERS
DBA_TAB_PRIVS
DBA_SYS_PRIVS
DBA_ROLE_PRIVS


If you are looking for where files are located, that would be:

DBA_DATA_FILES
DBA_TEMP_FILES
0
 
LVL 3

Author Comment

by:pma111
ID: 39216323
Are the password hashes in dba_users ?
0
 
LVL 3

Author Comment

by:pma111
ID: 39216326
Which table stores details about password management policies? And how can you marry up which accounts are subject to which password policies?
0
 
LVL 34

Expert Comment

by:johnsone
ID: 39216459
Yes, the hashed passwords are in DBA_USERS.

The password policy is a function of the profile that the user is assigned to.  You should see that in DBA_USERS as well.  Then you need DBA_PROFILES to be able to see what the settings are.  If you have a password verification function, you are going to have to pull the code for that yourself from DBA_SOURCE, the name of the function should be in the profile.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Read about achieving the basic levels of HRIS security in the workplace.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question