Security :: To See Any Database For The Operations Of Sys User Or Any Other User
Aug 23, 2011
I have enabled Auditing in my oracle Database but I am not able to see any database for the operations of sys user or any other user in my "SYS.AUD$" and "SYS.FGA_LOG$" tables.
Value for the parameter "AUDIT_TRAIL" is set to "db,extended".
I am working as "SYS" user and I have shutdown and again startup the database but neither there was any information in both the tables nor I can see any files at the destination specified by "AUDIT_FILE_DEST".
Last week we have realized that a user who connects through SQL Developer(as nothing wrong found in application server logs) has made a serious change in the database which created a real mess. The user has done some mischief in some calculations by making some inserts and updates in some important tables in our production database.
How can I find which user or from which IP the change is made.
I have a doubt in locking user account in oracle database.I was told to drop some unusable users in database which my clients dont require them.I verified the dependent objects of those users but not sure if these users can be dropped.
Instead can i make those user accounts locked so that they cannot connect to database? Would there be any impact on database performance if i lock those user accounts?
Is locking an account and dropping users is similar in anyway?
I know how to use database links in various forms, but I've been trying to think through how the authentication works for a connected user link in 11g. If I create the link like this,create public database link using 'orcl';then any user can use the link, provided they have an identical username/password in the two databases. With pre-11g passwords, it was understandable: the password was salted with the username, so the hash of the password would be the same in both databases, and I assumed that the logon through the link used some sort of IDENTIFIED BY VALUES mechanism. But in 11g, the salt will different in the two databases. So the hash will be different. And of course Oracle never stores the actual password. So I don't see how the authentication works.
I have a two different Databases. I created a db link in DB 1 to connect to DB 2 and it is working fine when I select data from any table. but I have one table in the DB2 which has a column with user defined data type . so when I try to select this column from DB 2 by using the DB link it gives me this error :ORA-22804 remote operations not permitted on object tables or user-defined type columns.
Quote: SESSIONS_PER_USER Each instance maintains its own SESSIONS_PER_USER count. If SESSIONS_PER_USER is set to 1 for a user, the user can log on to the database more than once as long as each connection is from a different instance.
Of course the following is not working even when resource_limit is TRUE
ALTER PROFILE DEFAULT LIMIT SESSIONS_PER_USER 2;
How can I restrict a user to have limited sessions say 2 sessions across 4 node cluster? Presently I am checking the sessions logged in using sql+ and no connection pooling of front end etc. is involved.
I am using Oracle Internet Directory to store user information and OID delegation administratibe services for user entry. An an admin I created a privileges group called admins. Users belonging to this group can create user, delete users, edit users, and edit groups. I created 'User A' and assigned him to the group. Now 'User A' creates 'User B' and assignes him to the group. However when 'User B' creates 'User C' he gets the error [LDAP: error code 50 - Insufficient Access Rights].
This happens even though 'User B' belongs to the admin group which has the privilege to create users.
The application user owns the application schema which owns all the database objects in this schema. Now 50 of our developers need access to this application schema but giving away the password for the application user is risk as "Drop user application cascade" and wipe off all the objects. The option i have is to create 50 separate users with tablespace as application and grant all rights to application schema.
We like to integrate the window LDAP to a new oracle database for user authentication. For example, this is a new test database and we don't have any users created.Now we like to figure out if we created the users with same id as in LDAP userid, how they can be authenticated externally by LDAP. I read and heard some info on OID provided by oracle but need some more step by step info to experiment.