Pete Finnigan's Oracle Security Forum


    
      
        Pete Finnigan's Oracle Security Forum
        (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
      

        Oracle Security >> Oracle Auditing >> Auditing DBA Role
        
(Message started by: Pete Finnigan on May 24^th, 2007, 8:08am)

Title: Auditing DBA Role
Post by Pete Finnigan on May 24^th, 2007, 8:08am

Hi,
I m working on Oracle Database auditing. In our organization there are more than one database administrators all having DBA role. Is it possible to enable auditing on DBA role whenever any of the Database administrator loged in and use the privileges under DBA role? If not, should I have to enable privilege auditing on all privileges of DBA role access by all database administrators??

Kindly give the solution.

thanks

Warm Regards

Farzana

Title: Re: Auditing DBA Role
Post by Pete Finnigan on Sep 10^th, 2007, 1:57am

A predefined role, named "DBA", is automatically created with every Oracle database. This role contains all database system privileges. Therefore, it is very powerful and should be granted only to fully functional database administrators.

Title: Re: Auditing DBA Role
Post by Pete Finnigan on Sep 10^th, 2007, 8:42am

Hi Alan,

Whilst your advice is good, you didn't answer the question.

SQL> audit dba by access;

Audit succeeded.

SQL>

You can use database audit on some core builtins such as the DBA role, connect, etc

cheers

Pete