Can OPA privileges and roles over SYS.USER$ table (SELECT,UNLIMITED TABLESPACE, RESOURCE , GRANT ANY ROLE) be removed?
(Doc ID 2522104.1)
Last updated on JULY 22, 2024
Applies to:
Oracle Clinical - Version 4.6.5 and laterInformation in this document applies to any platform.
Goal
OPA account has access(eg : SELECT privilege) to SYS.USER$ and also have UNLIMITED TABLESPACE, RESOURCE , GRANT ANY ROLE.
Impact: This can allow non-privileged users the authorization to open SYS.USER$ table and capture password hashes which can break confidentiality.
Can these privilege(s)/role(s) be removed from OPA?
Will this action have any impact on the OC/RDC application?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |