Solved

oracle stale user accounts

Posted on 2014-02-14
7
387 Views
Last Modified: 2014-03-02
would there be any tell tale signs in a an oracle database about "stale accounts", i.e. those that could be locked and epxired? I am not sure i there is a last login type flag, or whether that is the most appropriate marker, as perhaps some accounts dont "login" like a normal user would?
0
Comment
Question by:pma111
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 28

Accepted Solution

by:
Naveen Kumar earned 167 total points
ID: 39858589
i think only after you enable audit - audit sessions etc then you will have a history of who is connecting, when etc, whether the remaining can be locked and the other information.

Is the auditing enabled ?
0
 
LVL 36

Assisted Solution

by:Geert Gruwez
Geert Gruwez earned 167 total points
ID: 39858609
audit .. or a login trigger which stores the last login attempt in a separate table
0
 
LVL 3

Author Comment

by:pma111
ID: 39858657
but by default there is no last login stamp? is that correct
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 3

Author Comment

by:pma111
ID: 39858684
can you have accounts that are neccesary but may not "login" as such, can you provide examples of these kinds of account?
0
 
LVL 36

Expert Comment

by:Geert Gruwez
ID: 39858705
well... sys is very necessary
but usually only dba's login with that when they setup the database

system also

that's the main 2, the rest is optional
but that again depends on what you are using

here is a list of the oracle default users
http://www.orafaq.com/wiki/List_of_default_database_users
0
 
LVL 22

Assisted Solution

by:Steve Wales
Steve Wales earned 166 total points
ID: 39859362
You can query DBA_USERS to find out any accounts that are actually set to expired and/or locked (a column called ACCOUNT_STATUS).

No way short of a login trigger that immediately comes to mind to track last login.

In 12c, they've added last_login to dba_users, but prior to that, you have to track it yourself.
0
 
LVL 28

Expert Comment

by:Naveen Kumar
ID: 39863734
also unless you do a deep dig into all the user account details in your database, it would not be easy to say which all accounts are required and which are not required.

To start with, probably you can extract the information from dba_users and then start the investigation from there.

As mentioned already, do not delete/drop any internal/system accounts which are required for the database.

Thanks
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This video explains at a high level with the mandatory Oracle Memory processes are as well as touching on some of the more common optional ones.
This video shows setup options and the basic steps and syntax for duplicating (cloning) a database from one instance to another. Examples are given for duplicating to the same machine and to different machines

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now