Re: Synonyms
- From: Jared Still <jkstill@xxxxxxxxx>
- To: JEREMY.SHEEHAN@xxxxxxxxxxxxxxxxx
- Date: Wed, 1 Dec 2010 14:22:03 -0800
On Wed, Dec 1, 2010 at 6:54 AM, Sheehan, Jeremy <
JEREMY.SHEEHAN@xxxxxxxxxxxxxxxxx> wrote:
> --- Surely it's not really public synonyms but granting unnecessary
> privileges on those objects to public.
>
> Even then, public synonyms are frowned upon. We're pretty serious about
> SOX here and that's what has been declared. So we follow the rules, you
> know?
>
>
SOX rules are not static. Generally companies have a process for changing.
Declaring public synonyms a security risk seems to indicate the rule was
drafted by an auditor that was getting inaccurate advice.
ALL of the SOX auditors (there have been several) that I have worked with,
none have had a very good understanding of database operations - they
all need to be educated, hopefully by a DBA with a good understanding
of the database.
Jared
Other related posts:
