Solved

security related tables/views in oracle RDBMS

Posted on 2013-06-03
4
505 Views
Last Modified: 2013-06-18
I am trying to document some useful security related tables in Oracle RDBMS that would be of interest to auditors to create an account with read only access permissions to query those. Can you detail which are the main security related tables/views in oracle (so perhaps those with account information, permission information, physical file information (i.e. where is the database), etc.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 35

Accepted Solution

by:
johnsone earned 500 total points
ID: 39216295
Typically, auditors that I have run into need the information from these views:

DBA_USERS
DBA_TAB_PRIVS
DBA_SYS_PRIVS
DBA_ROLE_PRIVS


If you are looking for where files are located, that would be:

DBA_DATA_FILES
DBA_TEMP_FILES
0
 
LVL 3

Author Comment

by:pma111
ID: 39216323
Are the password hashes in dba_users ?
0
 
LVL 3

Author Comment

by:pma111
ID: 39216326
Which table stores details about password management policies? And how can you marry up which accounts are subject to which password policies?
0
 
LVL 35

Expert Comment

by:johnsone
ID: 39216459
Yes, the hashed passwords are in DBA_USERS.

The password policy is a function of the profile that the user is assigned to.  You should see that in DBA_USERS as well.  Then you need DBA_PROFILES to be able to see what the settings are.  If you have a password verification function, you are going to have to pull the code for that yourself from DBA_SOURCE, the name of the function should be in the profile.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Azure Functions is a solution for easily running small pieces of code, or "functions," in the cloud. This article shows how to create one of these functions to write directly to Azure Table Storage.
This video shows how to Export data from an Oracle database using the Original Export Utility.  The corresponding Import utility, which works the same way is referenced, but not demonstrated.
This video shows how to recover a database from a user managed backup

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question