CP0907

Formal title: Security concerns surrounding use of Oracle SYS user

Current Status

Submission
Assessment
CPC Consultation
Committee Decision
Rejected

Summary

The current approach to upgrades of the NHHDA & EAC/AA software requires user organisations to log on as the Oracle SYS user raising implications from an IT security & controls perspective. The approach to upgrades of the Pool software requires the user organization to log on as the Oracle SYS user. Connecting to an Oracle database as SYS allows the user to manipulate the data contained in the data dictionary tables- the comprehensive set of tables and views internal to Oracle. These provide a vital source of information for the RDBMS itself, and are used internally by Oracle to manage all objects contained in the database. In the event of an uncontrolled error being experienced during upgrade, user organizations upgrading as SYS run the risk of corrupting the data dictionary. If this was to occur a full database recovery would be required which could take several hours to complete.

Progression

This CP was rejected

My BSC

Click on the X next to any of the icons to replace them with a short-cut link to the page you are currently on or search for a specific page.

List of BSC Insights

Previous Circulars

Training videos and services

Market Entry

Charge Codes and Switch Regimes

Add New

×

Or