Can any of the required Oracle Database permissions be revoked after successfully installing the Automation Engine?

Document ID : KB000088103
Last Modified Date : 14/04/2018
Issue:
Error Message :
N/A

During a database security audit, a question arose regarding permissions that are actually needed for the ongoing operation. The permissions are described in the documentation.

Database Rights for the Automation Engine

  • CREATE SESSION
  • CREATE TABLE
  • CREATE SEQUENCE
  • CREATE PROCEDURE
  • EXECUTE ANY PROCEDURE
  • CREATE VIEW
  • CREATE PUBLIC SYNONYM
  • DROP PUBLIC SYNONYM
  • ALTER SESSION
  • Either the system privilege UNLIMITED TABLESPACE or the tablespace quotas for all tablespaces
  • The right EXECUTE for the DBMS package (command to set this right: GRANT execute ON dbms_lock TO <schema_name>). This right can only be set by a user who has the SYSDBA privilege.

Question
Is it possible to remove these permissions after the installation?

Answer
If there are any security considerations regarding any of these permissions, they can be removed after the Automation Engine (AE) installation has successfully finished. However, all of the permissions listed above will be required before performing a hotfix or update, since changes are made to the DB schema of the AE during the upgrade process.

Therefore, if any of these privileges are revoked, ensure that they are granted again before any update done with the DB load (hotfix/update release).
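
The revoke, pre-update check and re-grant cycle described above, as an added SQL*Plus example that is not part of the original article or the vendor's scripts. The schema name AE_SCHEMA and the choice of which three privileges to revoke are assumptions; the data dictionary views are standard Oracle views queried as a DBA.

```sql
-- Added example (SQL*Plus, run as a DBA). AE_SCHEMA is a hypothetical schema name.
DEFINE ae_schema = AE_SCHEMA

-- 1) After a successful installation: revoke the privileges the audit flagged.
--    The three chosen here are an assumed audit outcome, not a vendor list.
REVOKE EXECUTE ANY PROCEDURE FROM &ae_schema;
REVOKE CREATE PUBLIC SYNONYM FROM &ae_schema;
REVOKE DROP PUBLIC SYNONYM   FROM &ae_schema;

-- 2) Before a hotfix/update DB load: list the documented system privileges
--    that are not granted directly to the schema. Grants received through a
--    role do not appear here and need a separate look at DBA_ROLE_PRIVS.
SELECT r.priv AS missing_privilege
FROM (
  SELECT 'CREATE SESSION' AS priv FROM dual UNION ALL
  SELECT 'CREATE TABLE'           FROM dual UNION ALL
  SELECT 'CREATE SEQUENCE'        FROM dual UNION ALL
  SELECT 'CREATE PROCEDURE'       FROM dual UNION ALL
  SELECT 'EXECUTE ANY PROCEDURE'  FROM dual UNION ALL
  SELECT 'CREATE VIEW'            FROM dual UNION ALL
  SELECT 'CREATE PUBLIC SYNONYM'  FROM dual UNION ALL
  SELECT 'DROP PUBLIC SYNONYM'    FROM dual UNION ALL
  SELECT 'ALTER SESSION'          FROM dual
) r
WHERE NOT EXISTS (
  SELECT 1 FROM dba_sys_privs p
  WHERE p.grantee = UPPER('&ae_schema') AND p.privilege = r.priv
);

-- Either UNLIMITED TABLESPACE or quotas must be present (MAX_BYTES = -1 means unlimited).
SELECT privilege FROM dba_sys_privs
WHERE grantee = UPPER('&ae_schema') AND privilege = 'UNLIMITED TABLESPACE';
SELECT tablespace_name, max_bytes FROM dba_ts_quotas
WHERE username = UPPER('&ae_schema');

-- EXECUTE on DBMS_LOCK: no row returned means the grant is missing.
SELECT grantee, privilege FROM dba_tab_privs
WHERE table_name = 'DBMS_LOCK' AND privilege = 'EXECUTE'
  AND grantee = UPPER('&ae_schema');

-- 3) Re-grant whatever step 2 reported as missing, then run the update.
GRANT EXECUTE ANY PROCEDURE, CREATE PUBLIC SYNONYM, DROP PUBLIC SYNONYM
  TO &ae_schema;
```

An empty result from the first query in step 2 means every documented system privilege is granted directly to the schema.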
Environment:
OS Version: N/A
Cause:
Cause type:
Other
Root Cause: N/A
Resolution:
N/A

Fix Version(s):
N/A
Additional Information:
Workaround :
N/A