Those who are familiar with the Oracle data dictionary can use the dictionary to find out if their database has any security exposures. Here are some common queries that are used to audit Oracle security.

1. Search for any system privileges that are granted WITH ADMIN OPTION - Privileges that are granted WITH ADMIN can be passed to other users. Hence, many companies prohibit this option, and others check to ensure that all user ID’s are proper. The information for this is located in the DBA_SYS_PRIVS view, and here is the code to do this.

select

grantee,

privilege,

admin_option

from

sys.dba_sys_privs

where

admin_option = 'YES'

and

grantee not in (‘SYS’,’SYSTEM’, etc);

2. Search for any end-users with system privileges - Users with system-level privileges may have access to unwanted areas of the database. For example the “select any table” system privilege may allow unwanted access to a user.

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/26706/viewspace-64597/，如需转载，请注明出处，否则将追究法律责任。