Find Dangerous Users

Description: Finds users with dangerous assigned roles/grants

conn / AS sysdba
 
SELECT grantee, granted_role, admin_option
FROM   sys.dba_role_privs
WHERE  granted_role IN ('DBA', 'AQ_ADMINISTRATOR_ROLE',
                       'EXP_FULL_DATABASE', 'IMP_FULL_DATABASE',
                       'OEM_MONITOR')
  AND  grantee NOT IN ('SYS', 'SYSTEM', 'OUTLN', 'AQ_ADMINISTRATOR_ROLE',
                       'DBA', 'EXP_FULL_DATABASE', 'IMP_FULL_DATABASE',
                       'OEM_MONITOR', 'CTXSYS', 'DBSNMP', 'IFSSYS',
                       'IFSSYS$CM', 'MDSYS', 'ORDPLUGINS', 'ORDSYS',
                       'TIMESERIES_DBA')

Enjoyed this post? Share it!

 

Leave a comment

Your email address will not be published.