2 Respostas
- Mais recentes
- Mais votos
- Mais comentários
1
Because Amazon RDS is a managed service, the following privileges for the DBA role are not provided:
ALTER DATABASE
ALTER SYSTEM
CREATE ANY DIRECTORY
DROP ANY DIRECTORY
GRANT ANY PRIVILEGE
GRANT ANY ROLE
As security best practice, you need to grant least possible privilege to application DB user. Analyze the application and DB code (DBA_DEPENDENCIES) to derive the permission needed by the application user.
Refer https://repost.aws/knowledge-center/rds-oracle-user-privileges-roles for more info.
respondido há 4 meses
1
The Procedure rdsadmin.rdsadmin_util.grant_sys_object
is to provide grants to a specific SYS object. But GRANT ANY ROLE
is a system privilege which can not be granted by the above procedure.
respondido há 4 meses
Conteúdo relevante
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há um ano
Excellent Info! If I understand your answer correctly, this privilege "grant any role" can not be granted to another user using the master account and the API "rdsadmin.rdsadmin_util.grant_sys_object" because the master account does not have that permission. Is this correct?