Oracle Security is easier if you design for it
View Profile | WWW | Email
Default User IDs
« on: Jan 28th, 2009, 10:43pm »
Quote | Modify
i am not an Oracle expert. i am an internal auditor. i have recently performed an audit covering the application and the DB. we have more than 100 customers and they all have dedicated oracle DBs.
for ease of management our DBAs have created a generic user ID for each customer DB and they use it to log in and perform their day today task. also they use SYS and SYSTEM oracle default users as well.
our DBAs have a team of 6 and they share the above mentioned generic User Ids to manage the DBs.
my prime concern is the use of these generic user IDs. given the fact that they do not use any other auditing facilities that are available in the oracle itself. for an example like unauthorised access into DB and so on.
my question is, is it possible to create individual user IDs on the oracle DB for each member of the DB team and for the all DBs? is it administratively a burden or easy to manage?
i really would like to have your comments to this matter and any suggestions greatly appreciated.
many thanks in advance.