Create user with database vault

Eter Panji
Дата: 05.11.2008 16:24:36
Introduction
There is the application. The application schema owner create users to access to the schema objects.
The client want to protect application data from DBA by using Database Vault.
The supplier does not want to change anything in his aplication.

Case
After implementing database vault. Database administrator could not see application data.Thats good.
But Schema owner could not create new users. That is bad.

CREATE USER TEST IDENTIFIED BY test
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP;

Error
ORA-01031 Insufficient privilages

I have disabled
"CREATE USER" Command rule in Database Vault
And grant CREATE USER back to the SCHEMA OWNER
but nothing changes

I understand that it makes schema owner more powerfull, but it looks quit reasonable if there is only one application on the database.

Any ideas how to create user from Application Schema owner?

Kind Regards,
Eter Pani
http://www.joraph.com
pravednik
Дата: 05.11.2008 16:35:19
Может быть проблема в том, что это одно из дефолтных правил для волта.
попробуйте предоставить SCHEMA OWNER роль DV_ACCTMGR
Eter Panji
Дата: 05.11.2008 17:01:41
Thanks

when I grant DV_ACCTMGR to Schema owner

everything start working.

But I need only CREATE USER, thus I will try to find out some other methods, that gives more strict access.

Thanks anyway

Kind Regards,
Eter Pani
http://www.joraph.com