What is Privilege Analysis (included in Oracle Database 19c Enterprise Edition)
Database 19c is nothing more than the re-badging of release 220.127.116.11: the terminal 12c release that will have extended support until March That having been said, there are a few new features and
enhancements compared to earlier releases. However, what I really like
is a licensing change.
Privilege Analysis was introduced in 12c R1. It is brilliant. Without it, determining what roles and privileges a schema actually has, needs, and uses is phenomenally difficult. You can write all sorts of scripts that query dba_tab_privs, dba_sys_privs, dba_role_privs, role_role_privs, and dba_col_privs and you can try to make sense of various audit trails but the fact is that it is almost impossible to determine whether a user has more privileges than he needs and what privileges he is actually using. Particularly when roles and public grants are used as well. Often the only way is to revoke various grants until things stop working.
Enter Privilege Analysis. Use dbms_privilege_capture to enable monitoring of privilege usage, run your application for a while, then
query views such as dba_used_sysprivs, dba_unused_sysprivs, dba_used_userprivs, dba_unused_userprivs, dba_used_pubprivs and (perhaps most important) the various PATH views that show how the privilege was acquired. You can now be absolutely certain that your schemas have exactly the privileges they need: no more, and no less.
But! Privilege Analysis was part of the Database Vault, $11.5k per core factor. Not any more. From release 19c, Privilege Analysis is included in Enterprise Edition. Thank you, Larry.
For more information or assistance with your Oracle Database, contact: Gary Belke at 1-401-783-6172.
And visit https://skillbuilders.com/database-administration/ for more information about SkillBuilders Oracle Database Administration services.