Formal title: Security concerns surrounding use of Oracle SYS user

Current Status

CPC Consultation
Committee Decision


The current approach to upgrades of the NHHDA & EAC/AA software requires user organisations to log on as the Oracle SYS user raising implications from an IT security & controls perspective. The approach to upgrades of the Pool software requires the user organization to log on as the Oracle SYS user. Connecting to an Oracle database as SYS allows the user to manipulate the data contained in the data dictionary tables- the comprehensive set of tables and views internal to Oracle. These provide a vital source of information for the RDBMS itself, and are used internally by Oracle to manage all objects contained in the database. In the event of an uncontrolled error being experienced during upgrade, user organizations upgrading as SYS run the risk of corrupting the data dictionary. If this was to occur a full database recovery would be required which could take several hours to complete.


This CP was rejected


Click on the X next to any of the icons to replace them with a short-cut link to the page you are currently on or search for a specific page.