I work on application that collects Oracle events.
In order for the application to collect and process Oracle events, the account which is being used by the application service requires the 'SYSDBA' server role.
There are some situations where the customer cannot give 'SYSDBA’ permissions to this account for security reasons. The question is can more restrictive privileges be configured in order to do that?
You can create a wrapper package owned by sys, and then grant execute right on that package to whoever needs it. you would be presenting just the methods that you want to present. And you can verify the inputs within the wrapper package.