Difference between revisions of "Security"
From dbawiki
| Line 3: | Line 3: | ||
* [http://www.oracle.com/technetwork/database/enterprise-edition/calling-shell-commands-from-plsql-1-1-129519.pdf Allow running of OS / shell commands from within SQL and PL/SQL] | * [http://www.oracle.com/technetwork/database/enterprise-edition/calling-shell-commands-from-plsql-1-1-129519.pdf Allow running of OS / shell commands from within SQL and PL/SQL] | ||
* [https://oracle-base.com/articles/10g/secure-external-password-store-10gr2 Store Oracle user (schema) passwords in a wallet instead of hard-coding them in shell scripts! - oracle-base.com] | * [https://oracle-base.com/articles/10g/secure-external-password-store-10gr2 Store Oracle user (schema) passwords in a wallet instead of hard-coding them in shell scripts! - oracle-base.com] | ||
| + | ===Show users with elevated privileges=== | ||
| + | <pre> | ||
| + | col grantee for a40 | ||
| + | col privilege for a85 wrap | ||
| + | select grantee | ||
| + | , privilege | ||
| + | , admin_option | ||
| + | from sys.dba_sys_privs | ||
| + | where ( | ||
| + | privilege like '% ANY %' | ||
| + | or privilege in ('BECOME USER', 'UNLIMITED TABLESPACE') | ||
| + | or admin_option = 'YES' | ||
| + | ) | ||
| + | and grantee not in ('SYS', 'SYSTEM', 'OUTLN', 'AQ_ADMINISTRATOR_ROLE', 'DBA', 'EXP_FULL_DATABASE', 'IMP_FULL_DATABASE', 'OEM_MONITOR', 'CTXSYS', 'DBSNMP', 'IFSSYS', 'IFSSYS$CM', 'MDSYS', 'ORDPLUGINS', 'ORDSYS', 'TIMESERIES_DBA','WMSYS','SCHEDULER_ADMIN','SYSBACKUP' ) | ||
| + | order by grantee | ||
| + | / | ||
| + | </pre> | ||
Latest revision as of 12:35, 4 September 2018
- User Profiles
- Random password generator
- Allow running of OS / shell commands from within SQL and PL/SQL
- Store Oracle user (schema) passwords in a wallet instead of hard-coding them in shell scripts! - oracle-base.com
Show users with elevated privileges[edit]
col grantee for a40
col privilege for a85 wrap
select grantee
, privilege
, admin_option
from sys.dba_sys_privs
where (
privilege like '% ANY %'
or privilege in ('BECOME USER', 'UNLIMITED TABLESPACE')
or admin_option = 'YES'
)
and grantee not in ('SYS', 'SYSTEM', 'OUTLN', 'AQ_ADMINISTRATOR_ROLE', 'DBA', 'EXP_FULL_DATABASE', 'IMP_FULL_DATABASE', 'OEM_MONITOR', 'CTXSYS', 'DBSNMP', 'IFSSYS', 'IFSSYS$CM', 'MDSYS', 'ORDPLUGINS', 'ORDSYS', 'TIMESERIES_DBA','WMSYS','SCHEDULER_ADMIN','SYSBACKUP' )
order by grantee
/
