revoke permission on SYS.AUD$ table
Hello,
Is there a way to restrict or revoke all permission on SYS.AUD$ table from a user which has DBA role or select any table/delete any table privileges.
As per our company policy apart from auditors/reviwers, no one else should be allowed to view/delete any of the auditing records which are being stored in SYS.AUD$ table.
we need to ensure that the system administrator(except SYS and SYSTEM) with DBA role should not be able to modify/delete/truncated the SYS.AUD$ table. Only the Reviewer should have access to the audit tables?..similar to what we enforce in Sybase. For example, in Sybase you cannot view auditing records until and unless sso_role has been granted to you.
Please advise whether we can comply with this requirement in Oracle.
Thanks in Advance,
Dilip
revoke permission on SYS.AUD$ table
Hi Sanjay,
SQL> select * from v$version;
page
BANNER
----------------------------------------------------------------
Oracle8i Enterprise Edition Release 8.1.7.0.0 - 64bit Production
PL/SQL Release 8.1.7.0.0 - Production
CORE 8.1.7.0.0 Production
TNS for Solaris: Version 8.1.7.0.0 - Production
NLSRTL Version 3.4.1.0.0 - Production
SQL> show parameter O7_DICTIONARY_ACCESSIBILITY
page
NAME_COL_PLUS_SHOW_PARAM TYPE
---------------------------------------------------------------- -------
VALUE_COL_PLUS_SHOW_PARAM
------------------------------------------------------------------------------------------------------------------------------------
O7_DICTIONARY_ACCESSIBILITY boolean
TRUE
Regds..Dilip
revoke permission on SYS.AUD$ table
Hi Sanjay,
Thanks for your response. We have some third party applications which might need access on SYS schema and setting this value to FALSE (O7_DICTIONARY_ACCESSIBILITY = FALSE) may create more problems for us since it would be applicable for all the users and so far we do not know what would be the impact once this value is changed.
Don't you know any other method which can be implemented only for few selected users, even for the user who has DBA role.
Thanks,
Dilip
(Certified Sybase Professional DBA 12.5/12.0/11.5/11.0)
(OCP 8i DBA)