Skip to Main Content
Forums

Database Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Revoke all access to CTXSYS PACKAGES from PUBLIC

skyfoxJun 10 2013 — edited Jun 18 2013

Hi,

On a few of our production (11g) databases we have a auditors security violation asking for:

Revoke all access to CTXSYS packages from PUBLIC.

My question is if execute on CTXSYS packages is revoked from Public, are there any implications/consequences IF the CTXSYS user is locked &/or CTXAPP role has a bearing? My understanding is that when the databases were created with Oracle Intermedia/cotext option Oracle creates CTXSYS user and at some point these features were not being used, so CTXSYS user was locked. But if the CTXSYS packages have execute granted to PUBLIC, there could be an issue, so either a work around or a security execption may be required.

Thanks!

Ken
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jul 16 2013
Added on Jun 10 2013
#11g, #access, #audit, #database-security, #database-security-general, #security, #user
1 comment
1,104 views