Results 1 to 4 of 4
  1. #1
    Join Date
    Nov 2003
    Location
    Europe
    Posts
    369

    Question Unanswered: Can oracle admins be effectively blocked from full db access?

    If a database solution is protected, and we dont have access to the original administrator password:

    How does oracle security work, is it possible to make a new / extra oracle server admin / database administrator and take "ownership"/get full access to all the databases/tables without using the original admin pw for that solution?

    We WILL have a separate Admin for the oracle system already. Not sure if we after the transfer / implementation of the system can use it or a new one to gain full control.

    We know that we might not have full control in the front-end developed in Delphi, but we need to have full access to all db's and tables within oracle.
    Win-XP pro, Access 2002, ADO 2.7, DAO 3.6. English versions of apps/OS.

  2. #2
    Join Date
    Nov 2003
    Location
    Europe
    Posts
    369

    Question

    Quote Originally Posted by kedaniel
    We know that we might not have full control in the front-end developed in Delphi, but we need to have full access to all db's and tables within oracle.
    Specifically:
    Can I be assured that as a minimum, an oracle server administrator can make full exports of all data in any database/table, if we need to use the data in other ways than the "half-locked" system permits?
    (Or is it possible that a oracle-based system have locks in place that even limit oracle server administrator's from extracting / exporting the data?)

    (I do not know the terms used for oracle, for example if there are many levels for administrators, but by "oracle server administrator" I mean the highest possible access level in a oracle system/oracle server.)
    Win-XP pro, Access 2002, ADO 2.7, DAO 3.6. English versions of apps/OS.

  3. #3
    Join Date
    Jan 2004
    Location
    Croatia, Europe
    Posts
    4,094
    Provided Answers: 4
    If I understood well, you WILL have another user with DBA privileges. He will be able to, for example, perform full database export/import.
    I hope I'm not wrong saying this: such a user can modify other users' passwords. Therefore, I guess you'd be able to change even another DBA privileged user's password (if you really need it) (using "ALTER USER user_name IDENTIFIED BY new_password;" statement).

    You'll surely hear more about it from the Forum DBA users; I'm sure they'll explain it much better.

  4. #4
    Join Date
    Jun 2003
    Location
    West Palm Beach, FL
    Posts
    2,713

    Cool

    It does'nt matter that the "schema" owner is locked or you don't know the password.
    You or the person responsible for the database must have the SYSTEM password or an equivalent account with DBA privileges -- and can unlock or change the password as littlefoot suggests.
    The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •