- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: psuedo setup on openVMS
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 10:39 AM
тАО11-13-2008 10:39 AM
Re: psuedo setup on openVMS
I am testing the HGLOGIN and will let you know if it gives the complete oracle enviornment or not .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 11:34 AM
тАО11-13-2008 11:34 AM
Re: psuedo setup on openVMS
There may be a variety of ways of accomplishing that particular goal if it is only a documentation requirement.
In that case, the information could possibly be derived from the accounting or login records (in the case of a DECnet login, for example, the ID of the remote session -- DECnet Node ID and Username) is available as a JOB logical and using F$GETDVI, if I recall correctly.
This could be written to the log during the login process.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-14-2008 12:03 AM
тАО11-14-2008 12:03 AM
Re: psuedo setup on openVMS
I severely doubt it is needed that the DBA needs acces to the Oracle account for the work to be done.
When the Oracle and user accounts are set up with the right identifiers and privileges, the DBA should be able to login into his own account, and stay there. Be sure to have the privileges, required to access the database, be set as authorized privs, not default, so the DBA will have to SET PRIV before accessing the database environment. You could even think of a captive, or resticted account for this type of access, which disallows the DBA extending the high-privilege situation outside the environment.
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-14-2008 02:08 AM
тАО11-14-2008 02:08 AM
Re: psuedo setup on openVMS
another useful tool would be JUMP. It allows for fine-grained control, who could JUMP to which user and provides e.g. mail notification and recording sessions.
You find it on the freeware CD.
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-16-2008 10:23 AM
тАО11-16-2008 10:23 AM
Re: psuedo setup on openVMS
NO. WRONG.
Sami, you are looking entirely in the wrong direction. Forget about sudo or anyting like that. And forget about havign your DBA's do "connect / as sysdba" and such.
Create proper Oracle user accounts for each DBA, identified by passwords or by OS username (my preference).
OpenVMS + Oracle has all the features needed for full accountability.
Re-read Richard Hunt's advice very carefully. He hits on most problems and has the workaround suggestions.
Good luck!
Hein.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-19-2008 08:05 AM
тАО11-19-2008 08:05 AM
Re: psuedo setup on openVMS
where can I find this 'freeware CD' containing JUMP utility ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-19-2008 08:38 AM
тАО11-19-2008 08:38 AM
Re: psuedo setup on openVMS
http://www.google.com/search?q=openvms+freeware+jump
http://mvb.saic.com
http://www.hoffmanlabs.com/vmsfaq
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-19-2008 11:18 AM
тАО11-19-2008 11:18 AM
Re: psuedo setup on openVMS
I found the source code and binaries but the binaries are for 7.1 , does any one have compiled binaries for JUMP for vms alpha
7.3-2 ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-26-2008 11:48 AM
тАО11-26-2008 11:48 AM
Re: psuedo setup on openVMS
We then gave each user the same privs as ORACLE. Within ORACLE, we defined each user to have the DBA role and all the other accessory roles that go with that. We relaxed the ORACLE directory permissions so that GROUP had the same permissions as owner. We assured that each user logged in as ORA_SAM or ORA_JACK or ORA_SALLY, etc.
ORACLE will REPEAT will work just fine and yet everyone has distinct logins. By making ORACLE its own group that isn't within the boundaries of MAXSYSGROUP, you can run the utilities you need from any of the ORAxxx accounts described above, because the ORACLE warnings about "SYSTEM not allowed to issue this command" don't ever kick in. You might have SYSPRV when you do your work as ORAxxx, but you aren't a "true" member of SYSTEM.
If you think YOU have auditing issues, just imagine what I have with a Dept. of Defense system. Yet because of our design and the care we exhibit in splitting out our users as described above, we have a 3-year Authority To Operate on a Dept. of Defense network. That's as much as anyone ever gets. You haven't SEEN auditing until you've had to provide DoD auditing reports.
Sami, I most strongly urge you to consider the above line of thinking, even if you don't do it exactly like I described. Just come close and you won't have an issue.
Another trick we played was that the ORAxxx accounts come up with all the ORACLE privileges but not by default. They are authorized but not enabled. The ORACLE DBAs have to issue a second command to enable their privileges, just to sort of force them to pay attention to what they are doing. AND they know I've got auditing turned on and operator logging wide open. So anything they do, I'll know about.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-26-2008 11:53 AM
тАО11-26-2008 11:53 AM
Re: psuedo setup on openVMS
I would agree with what Richard said in his post. Assuming another persona is always FAR less preferable than granting access. Additionally, the audit log records will always contain the correct ID, something that is not always true otherwise.
- Bob Gezelter, http://www.rlgsc.com
- « Previous
-
- 1
- 2
- Next »