Can OPA privileges and roles over SYS.USER$ table (SELECT,UNLIMITED TABLESPACE, RESOURCE , GRANT ANY ROLE) be removed?
(Doc ID 2522104.1)
Last updated on DECEMBER 03, 2019
Applies to:Oracle Clinical - Version 4.6.5 and later
Information in this document applies to any platform.
OPA account has access(eg : SELECT privilege) to SYS.USER$ and also have UNLIMITED TABLESPACE, RESOURCE , GRANT ANY ROLE.
Impact: This can allow non-privileged users the authorization to open SYS.USER$ table and capture password hashes which can break confidentiality.
Can these privilege(s)/role(s) be removed from OPA?
Will this action have any impact on the OC/RDC application?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document