Home > Blogroll, dba, security > RECOVERY_CATALOG_OWNER

RECOVERY_CATALOG_OWNER

December 6th, 2005 Leave a comment Go to comments

I just tried today to limit power of rman :

REVOKE ALTER SESSION, CREATE DATABASE LINK FROM RECOVERY_CATALOG_OWNER;

It seems I can still do a backup… probably those privilege are not needed by rman, maybe just inherited from Connect in an older released !?

Tags:
  1. Anonymous
    December 10th, 2005 at 02:31 | #1
    Reply | Quote

    I’m wondering whether the dblink priv might be used in some syntax for cloning?

    Pete Finnegan mentioned this post.

  2. Laurent Schneider
    December 10th, 2005 at 09:31 | #2
    Reply | Quote

    Thanks for your comment.

    pete finnigan advise to not revoke from builtin role, but not grant the builtin role to rman sounds very wise!

  1. No trackbacks yet.
CAPTCHA Image
*