And as Arup's Oracle Magazine's DBA of the Year for 2003, he's probably right.
Congrats, Arup! Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech Inc, Sussex, WI USA > -----Original Message----- > From: Arup Nanda [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 12, 2003 3:14 PM > To: Multiple recipients of list ORACLE-L > Subject: Re: Stop using SYS, SYSTEM? > > > Ron, > > It is a good practice, in general, to stop using SYS and > SYSTEM accounts for > everyday use. The simplest rule of thumb is accountability > somehow increases > many times over when you link a database named user to a > physical person, > not a ethereal entity like SYS. This is especially true if > you use auditing > and turn on SYSDBA auditing; but even if you don't sometimes > the use of > specific named users put people on the alert when they do something > potentially dangerous and can avoid accidents. > > The other reason of not using SYS is to avoid accidental > creation of objects > in SYS and SYSTEM schema. The best option is to lock SYSTEM > user and never > let SYS user. Unfortunately you can't lock the SYS user. > > Third, you can create default tablespaces for all these DBA > users to hold > their objects, specifically temporary/occasional tables (not > the global > temporary tables), test tables, etc. and all those will not > get into SYSTEM > tablespace. > > Perhaps I should mention here is that I also conduct database security > audits for corporations. But unlike your auditors, I tend to > follow the > advice up with more detailed information :) > > Arup Nanda > www.proligence.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
