Revoking oracle directory creation permissions from a user in oracle:
CREATE ANY DIRECTORY usually useful when one want to create oracle directories in schema level, however it is found that one can create oracle directories and drop any directories without having create any directory system privileges in case schema has either imp_full_database or exp_full_database, bit surprising but may be it has been included in the view of impdp and expdp point of view. however when schema is not supposed to create any directories then we must check whether it has above said privileges to avoid misuse of oracle directories and misuse of directory concept when user supposed to exp or imp of his own user data..
hopefully this info may help in tightening security where security is mandatory.
No comments:
Post a Comment