I am trying to do some risk assessment work on which users can access an Oracle database on an AIX IBM server. I am more comfortable with MSSQL on Windows Server, typically we would check on Windows:
1) Local users and group memberships (including nested domain groups
2) Users granted access to shares on the servers (via share/directory access control lists)
3) Users granted access to the MSSQL database itself (via MSSQL authentication or windows authentication)
I could do with coming up with a similar checklist for Oracle on AIX IBM. I.e. any user who has some degree of access to the Server that hosts the actual database. My view was even though the OS account may not have access to the Database, they may be able to copy off the actual database files and/or any backups. 1-3 may not be enough, happy to get any feedback on other potential routes for some form of access to the server.