052-33

Some non-DBA users in your database have been granted ANY TABLE system privileges and they
are able to access data dictionary base tables. You decide to restrict their access to data dictionary
objects.

Which method would you adopt to achieve this objective?
A.Revoke the RESOURCE role from the users.
B.Set the value of the OS_ROLES parameter to TRUE.
C.Use Database Resource Manager to restrict user access to objects.
D.Grant ANY TABLE system privileges again without ADMIN OPTION.
E.Set the value of the O7_DICTIONARY_ACCESSIBILITY parameter to FALSE.

  保护数据字典:默认情况下,O7_DICTIONARY_ACCESSIBILITY 参数设置为 FALSE,这会阻止具有 ANY TABLE 系统权限的用户访问数据字典的基表。
  07_DICTIONARY_ACCESSIBILITY is a database initialization parameter that controls access to objects in the SYS schema.  It was originally intended to help with migrations from Oracle7 to newer versions where access to data dictionary objects is limited by default. From a pure security perspective, 07_DICTIONARY_ACCESSIBILITY should always be set to FALSE and is a very common security recommendations for Oracle Databases in general.However, in Oracle Applications 11.5.9 and lower, 07_DICTIONARY_ACCESSIBILITY must be set to TRUE.  This is required for proper functioning of the application and Oracle does not support setting it to FALSE.  In 11.5.10 and higher, 07_DICTIONARY_ACCESSIBILITY should be set to FALSE.  See Oracle Metalink Note ID 216205.1 for more information.We find in many implementations that have been upgraded to 11.5.10.x, 07_DICTIONARY_ACCESSIBILITY is still set to TRUE.  For all 11.5.10.x implementations, 07_DICTIONARY_ACCESSIBILITY should be set to FALSE.

posted @ 2017-12-05 15:12  巴啦啦大魔王  阅读(121)  评论(0编辑  收藏  举报