The Usage Policy Whitelist And Blacklist Mechanism To Control Session Commands Is Not Applied To Scripts
Last updated on SEPTEMBER 08, 2017
Applies to:Oracle Privileged Account Manager - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
Users are able to bypass the OPAM usage policy whitelist and blacklist mechanisms which are use to allow or disallow specific commands during session checkouts.
1. Sudo su – is not whitelisted in OPAM . Hence OPAMSH is blocking the command.
2. The user can run a .sh script file having the Sudo su, the sudu command is executed.
3. The user gets root access via script execution which should not be allowed.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms