Sunday, October 18, 2015

Database Vault: Blocking SYSDBA access

Sometimes, with database security in mind, we may have to block a user's access to other schemas' objects. Normally this can be achieved with roles and privileges in the database.

But what about users who have the "SYSDBA" privilege? For them we can use the Database Vault feature to block their access in the database.

Here are the steps to do so.

1) Create a user in the database; the "sysdba" privilege will be granted to him later.

2) Once the user is created, we assign the sysdba privilege and the Connect role to the user. The screenshot below shows which users can assign these privileges and roles (see the comments in red).

3) Now check the Authenticated_Identity of the users to be blocked, i.e. SYS and ORACLE.

4) Once the Authenticated_Identity is found, we can create the rule set and rule for blocking these users having sysdba privileges. The sequence is: create the rule set >> create the rule >> add the rule to the rule set >> enforce the rule on these users.

5) We are ready to test the rule for these users, i.e. blocking users having sysdba privileges.

Done.. / as sysdba :( 
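
Steps 3 and 4 written out with the DBMS_MACADM API, as an added example that is not the original post's code. The rule set and rule names are hypothetical, and enforcing the rule set through a command rule on CONNECT is an assumption about how the rule was applied.

```sql
-- Added example: names 'Block SYSDBA Logins' and 'Not SYS or ORACLE' are hypothetical.
-- Run the PL/SQL block as the Database Vault owner (a user with DV_OWNER), not as SYS.

-- Step 3: run in a session of each account to be blocked to see how it is identified.
SELECT SYS_CONTEXT('USERENV', 'AUTHENTICATED_IDENTITY') AS auth_id,
       SYS_CONTEXT('USERENV', 'SESSION_USER')           AS session_user
FROM   dual;

BEGIN
  -- Step 4: rule set. Every rule must be true; failed evaluations are audited.
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'Block SYSDBA Logins',
    description     => 'Deny sessions authenticated as SYS or ORACLE',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'SYSDBA login blocked by Database Vault',
    fail_code       => 20461,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);

  -- Rule: TRUE (session allowed) only when the identity is neither SYS nor ORACLE.
  -- UPPER() covers an OS-authenticated identity reported in lower case.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'Not SYS or ORACLE',
    rule_expr => 'UPPER(SYS_CONTEXT(''USERENV'',''AUTHENTICATED_IDENTITY'')) '
              || 'NOT IN (''SYS'',''ORACLE'')');

  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Block SYSDBA Logins',
    rule_name     => 'Not SYS or ORACLE');

  -- Enforcement (assumed mechanism): evaluate the rule set on every CONNECT.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'CONNECT',
    rule_set_name => 'Block SYSDBA Logins',
    object_owner  => '%',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/
```

Keep the Database Vault owner session open while testing, so the command rule can be removed with DBMS_MACADM.DELETE_COMMAND_RULE if the wrong identity ends up blocked.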

2 comments:

  1. This comment has been removed by the author.

  2. In this case you have to restrict vijay user also. The realm is restricting only sys user.
    This is my understanding.
