Database Reference
In-Depth Information
The INHERIT privileges help explain some of the extra PUBLIC privileges in 12c, but one can't help think that the
new Definer's Rights Roles for PL/SQL should be more fully utilized to reduce public privileges in the database.
There are a number of “gotchas” for privileged access control within Oracle, and the main reason is due to the
complexity of the privilege structure and the lack of tools to reduce this complexity to a manageable level, so that
privilege distribution can be monitored, understood, and controlled. This has improved in 12c with some very nice
privilege-management tools that will help to automate some intelligent checking; however, the central problem of
how to secure the primary privileged access for
"oracle"
*nix and SYSDBA has not been solved, as we will see in Part
IV. First, let's dig deeper into advanced defense against the issues we have discussed and the appropriate forensic
response.
