On Wed, Dec 1, 2010 at 6:54 AM, Sheehan, Jeremy <JEREMY.SHEEHAN@xxxxxxxxxxxxxxxxx> wrote:

> --- Surely it's not really public synonyms but granting unnecessary
> privileges on those objects to public.
>
> Even then, public synonyms are frowned upon. We're pretty serious about
> SOX here and that's what has been declared. So we follow the rules, you
> know?
>

SOX rules are not static. Generally companies have a process for changing. Declaring public synonyms a security risk seems to indicate the rule was drafted by an auditor that was getting inaccurate advice.

Of ALL the SOX auditors (there have been several) that I have worked with, none have had a very good understanding of database operations - they all need to be educated, hopefully by a DBA with a good understanding of the database.

Jared