Midude2000
Newcomer II

SOX user access review control for Oracle EBS database

Hello: 

We have to review user access to the Oracle database as part of our quarterly user access review process.

What database tables and accounts have you reviewed? Can someone share a sample of the queries to run to get this information? What have you excluded and why (for example, people with select and view read only can be deselected)?

 

6 Replies
akkem
Newcomer III

The process should be documented in the Access Control Policy and Procedures, detailing how user access is managed at the organizational level, IMO.
nkeaton
Contributor III

You may not get an answer for that here. Those of us who work in cybersecurity have a responsibility to protect our organizations. That kind of information could potentially be used in a way that could help identify vulnerabilities and be acted upon.
dcontesti
Community Champion

@nkeaton 

I believe your statement to be totally untrue.  The Community was created for folks to share, ask questions and generally connect with others, so PLEASE do not speak for everyone here on the Community.

 

@Midude2000 First, I am not a DBA, so I am not able to supply the exact query (usually I request this from an administrator), but my limited knowledge is that you would first:

 

Select ADMIN > MANAGEMENT > USERS

 

This should allow you to view the USERS page, which will provide you with FIELD (which shows the user's name and their DISPLAY name) along with ACTIONS (which details what the user may do).

 

Having lived through quarterly SOX audits, you can request an account from the DBAs, such that you may run the query in front of the auditors so they can see what the query is, document that they saw it run, and then can attest to the results.  Being able to do this has assisted us.

 

I hope this helps a little.  Here is a link that may assist you:

 

https://docs.oracle.com/en/database/oracle/oracle-database/19/ladbi/oracle-database-system-privilege...

 

Additionally, I recommend that you pull down the ORACLE documentation on doing this as a backup.

 

OTHERS?

 

Regards

 

d
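
A starting point for the kind of query the original question asks for, added here as an example and not taken from any poster in this thread or from Oracle's documentation. It assumes Oracle Database 12c or later and a reviewer account with read access to the `DBA_*` dictionary views; leaving out Oracle-maintained accounts and SELECT/READ object grants is a scoping assumption to agree with your auditors, not a rule.

```sql
-- Added example: quarterly database user access review (assumes Oracle 12c+).
-- Scoping choices below (skipping Oracle-maintained accounts and read-only
-- object grants) are assumptions; document whichever exclusions you adopt.

-- 1. Accounts in scope, with status so locked/expired ones stay visible.
SELECT username, account_status, profile, authentication_type,
       created, last_login
FROM   dba_users
WHERE  oracle_maintained = 'N'
ORDER  BY account_status, username;

-- 2. Direct grants per account: roles, system privileges, and object
--    privileges other than read-only ones.
SELECT u.username, u.account_status,
       g.grant_type, g.granted, g.on_object, g.can_pass_on
FROM   dba_users u
JOIN  (SELECT grantee, 'ROLE' AS grant_type, granted_role AS granted,
              CAST(NULL AS VARCHAR2(261)) AS on_object,
              admin_option AS can_pass_on
       FROM   dba_role_privs
       UNION ALL
       SELECT grantee, 'SYSTEM PRIVILEGE', privilege, NULL, admin_option
       FROM   dba_sys_privs
       UNION ALL
       SELECT grantee, 'OBJECT PRIVILEGE', privilege,
              owner || '.' || table_name, grantable
       FROM   dba_tab_privs
       WHERE  privilege NOT IN ('SELECT', 'READ')) g
       ON g.grantee = u.username
WHERE  u.oracle_maintained = 'N'
ORDER  BY u.username, g.grant_type, g.granted;

-- 3. System privileges reached through roles, including roles granted
--    to other roles, traced back to the account that holds them.
SELECT DISTINCT r.username, r.granted_role, p.privilege
FROM  (SELECT CONNECT_BY_ROOT grantee AS username, granted_role
       FROM   dba_role_privs
       START  WITH grantee IN (SELECT username
                               FROM   dba_users
                               WHERE  oracle_maintained = 'N')
       CONNECT BY PRIOR granted_role = grantee) r
JOIN   dba_sys_privs p ON p.grantee = r.granted_role
ORDER  BY r.username, r.granted_role, p.privilege;
```

Saving the script text alongside the spooled output gives the auditors the query and its results together, which fits the practice described above of running it in front of them.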

 

nkeaton
Contributor III

@dcontesti I am not sure why you feel it necessary to lecture me. It is my opinion, but this is true in cybersecurity. We would have real issues if our folks just started giving out details on any part of our infrastructure. Our folks know that they are not to do this. Loose tweets sink fleets. Protecting our organizations is what we are paid to do. So I respectfully disagree with you.
dcontesti
Community Champion

@nkeaton And I am not sure why you felt the need to reply for all of us.

nkeaton
Contributor III

@dcontesti I never did speak for anyone but myself and never said that I did. I was just letting them know why they might not get answers. Responsible cybersecurity personnel don’t just give out details. We protect our organizations. I am still not sure why you are taking offense and still respectfully disagree with you, which is fine. No hard feelings, just don’t agree with you.