dbTalk Databases Forums  

Re: system privilege

comp.databases.oracle.misc

Daniel Morgan
 
Re: system privilege - 07-14-2003, 10:26 AM






Jenny Wang wrote:

> How to find out when system privilege has been granted to a schema? For
> instance, I need to know when "audit any" and "audit system" privilege has
> been granted to Bob. Thanks in advance!
>
> Jenny

SELECT object_name
FROM all_objects
WHERE object_name LIKE '%PRIV%';

The source of all knowledge is there.
--
Daniel Morgan
http://www.outreach.washington.edu/e...ad/oad_crs.asp
damorgan@x.washington.edu
(replace 'x' with a 'u' to reply)




Pete Finnigan
 
Re: system privilege - 07-16-2003, 04:27 AM






Hi

I just answered this question with a script on the server newsgroup. I
thought people here might find it useful as well; it's at
http://www.petefinnigan.com/tools.htm, and it's called find_all_privs.sql. A sample
run is here:

SQL> @find_all_privs
get user input

NAME OF USER TO CHECK [ORCL]: PETE
OUTPUT METHOD [S/F]: S
FILE NAME FOR OUTPUT [priv.lst]:
OUTPUT DIRECTORY [/tmp]:

old 162: lv_file_or_screen:='&&output_method';
new 162: lv_file_or_screen:='S';
old 164: open_file('&&file_name','&&output_dir');
new 164: open_file('priv.lst','/tmp');
old 166: get_privs('&&user_to_find',lv_tabs);
new 166: get_privs('PETE',lv_tabs);
....USER => PETE has ROLE CONNECT which contains =>
.......SYS PRIV =>ALTER SESSION grantable => NO
.......SYS PRIV =>CREATE CLUSTER grantable => NO
.......SYS PRIV =>CREATE DATABASE LINK grantable => NO
.......SYS PRIV =>CREATE SEQUENCE grantable => NO
.......SYS PRIV =>CREATE SESSION grantable => NO
.......SYS PRIV =>CREATE SYNONYM grantable => NO
.......SYS PRIV =>CREATE TABLE grantable => NO
.......SYS PRIV =>CREATE VIEW grantable => NO
....USER => PETE has ROLE RESOURCE which contains =>
.......SYS PRIV =>CREATE CLUSTER grantable => NO
.......SYS PRIV =>CREATE INDEXTYPE grantable => NO
.......SYS PRIV =>CREATE OPERATOR grantable => NO
.......SYS PRIV =>CREATE PROCEDURE grantable => NO
.......SYS PRIV =>CREATE SEQUENCE grantable => NO
.......SYS PRIV =>CREATE TABLE grantable => NO
.......SYS PRIV =>CREATE TRIGGER grantable => NO
.......SYS PRIV =>CREATE TYPE grantable => NO
....USER => PETE has ROLE UNIX_ADMIN which contains =>
.......USER => UNIX_ADMIN has ROLE ADMIN which contains =>
..........SYS PRIV =>ALTER USER grantable => NO
..........SYS PRIV =>CREATE USER grantable => NO
.......SYS PRIV =>CREATE CLUSTER grantable => NO
....SYS PRIV =>CREATE DATABASE LINK grantable => NO
....SYS PRIV =>CREATE SESSION grantable => NO
....SYS PRIV =>UNLIMITED TABLESPACE grantable => NO
....TABLE PRIV =>SELECT table_name => V_$SESSION grantable => NO

PL/SQL procedure successfully completed.

SQL>

You can choose to send output either to the screen via dbms_output or to
a file via utl_file. Choose 'S' or 'F' at run time, and if you choose 'F',
specify a file name and directory.

Anyway, it's there if anyone would find it useful.
Kind regards

Pete
--
Pete Finnigan
email: pete (AT) petefinnigan (DOT) com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book: Oracle security step-by-step Guide - see http://store.sans.org for details.
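
Added example, not part of either post and not taken from find_all_privs.sql: a single hierarchical query that does the same kind of role expansion as the sample run above, narrowed to the two privileges from the original question. It assumes the grantee is named BOB and that the session can read the standard DBA_ROLE_PRIVS and DBA_SYS_PRIVS dictionary views; it reports whether and by which route the privilege is held, since these two views have no column recording when a grant was made.

```sql
-- Added example: who-holds-what for AUDIT ANY / AUDIT SYSTEM.
-- 'BOB' is the grantee from the question; change it to audit another account.
WITH role_tree AS (
  -- Every role reachable from BOB, directly or through nested roles,
  -- together with the chain of roles that leads to it.
  SELECT granted_role,
         SYS_CONNECT_BY_PATH(granted_role, ' -> ') AS via
  FROM   dba_role_privs
  START WITH grantee = 'BOB'
  CONNECT BY PRIOR granted_role = grantee
)
-- Privileges inherited through a role (any nesting depth)
SELECT sp.privilege,
       sp.admin_option      AS grantable,
       'BOB' || rt.via      AS granted_via
FROM   role_tree rt
JOIN   dba_sys_privs sp
       ON sp.grantee = rt.granted_role
WHERE  sp.privilege IN ('AUDIT ANY', 'AUDIT SYSTEM')
UNION ALL
-- Privileges granted straight to the user
SELECT privilege,
       admin_option,
       'BOB (direct grant)'
FROM   dba_sys_privs
WHERE  grantee = 'BOB'
AND    privilege IN ('AUDIT ANY', 'AUDIT SYSTEM')
ORDER BY 1, 3;
```

A row whose granted_via column shows a role chain means revoking the privilege from BOB directly will not remove it; the grant has to be removed from the role named at the end of the chain, or the role revoked from BOB.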
