I would like to know two things:
Acutally, I use PC to check Oracle Compliance. But the default control configuration is not the standard for our IT. Indeed, we've a lot of technical account or supervisor account that manage the DB.
Then this account can be changed and then when I changed the Controls in Qualys I can't never be sur that the control with the company value is the good one.
To be more specific my questions are the following:
- Is it possible to modify a control and specif a role or a profile and not just a list of user.
and the second question
- is it possible (now or in the future) to have access to the sql instruction send to Oracle to check a control? It could be the best way to adapt the control to the company - IT standard needs.
control :Current list of ORACLE accounts having access to 'SELECT ANY TABLE' privilege
expected value: administrator DB and some technicals accounts
problem: the technical accounts can changed between to 2 differents DB (name is different if tha application is different)
But ONE thing never change: all technical account are in the role even is the username change: