The Usage Policy Allowlist And Denylist Mechanism To Control Session Commands Is Not Applied To Scripts (Doc ID 2272871.1)

Last updated on NOVEMBER 01, 2022

Applies to:

Oracle Privileged Account Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Users are able to bypass the OPAM usage policy allowlist and denylist mechanisms which are use to allow or disallow specific commands during session checkouts.

For example:
1. Sudo su – is not allowlisted in OPAM . Hence OPAMSH is blocking the command.
2. The user can run a .sh script file having the Sudo su, the sudu command is executed.
3. The user gets root access via script execution which should not be allowed.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Symptoms

Cause

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

The Usage Policy Allowlist And Denylist Mechanism To Control Session Commands Is Not Applied To Scripts (Doc ID 2272871.1)

Applies to:

Symptoms

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!