AnsweredAssumed Answered

How to optimize the Policy Compliance controls for Oracle

Question asked by pougins1977 on Dec 9, 2010
Latest reply on Jan 5, 2011 by pougins1977



I would like to know two things:


Acutally, I use PC to check Oracle Compliance. But the default control configuration is not the standard for our IT. Indeed, we've a lot of technical account or supervisor account that manage the DB.


Then this account can be changed and then when I changed the Controls in Qualys I can't never be sur that the control with the company value is the good one.


To be more specific my questions are the following:


- Is it possible to modify a control and specif a role or a profile and not just a list of user.


and the second question


- is it possible (now or in the future) to have access to the sql instruction send to Oracle to check a control? It could be the best way to adapt the control to the company - IT standard needs.


For instance

control :Current list of ORACLE accounts having access to 'SELECT ANY TABLE' privilege

expected value: administrator DB and some technicals accounts


problem: the technical accounts can changed between to 2 differents DB (name is different if tha application is different)


But ONE thing never change: all technical account are in the role even is the username change: