Monday, 11 June 2007

Policies used

Grid Control starts with quite a high number of different policies (generally they have something to do with security issues). Of course it is recommended to apply all of them, though in practice this is a little complicated. For example, one should revoke the EXECUTE privilege on, say, UTL_FILE from PUBLIC, but doing so at the same time invalidates some synonyms within the PUBLIC schema.

Here is a short summary of those policies for database targets:

  • The SQL92_SECURITY parameter should be set to true. It requires the SELECT privilege in order to run an UPDATE or DELETE whose SET or WHERE clause uses column values.
  • The GLOBAL_NAMES parameter should be set to true. It forces a database link to have the same name as the database it connects to.
  • Checks that UTL_FILE_DIR is not used with Oracle RDBMS version 9i and later (directories should be used instead, of course).
  • Checks PUBLIC access to packages such as UTL_FILE, UTL_HTTP, UTL_SMTP, UTL_TCP, DBMS_LOB, DBMS_JOB, etc.
  • Checks that all objects are VALID, so at the start one should compile all invalid objects and possibly remove those that do not compile properly.
  • The password-related settings for the profiles in use should have non-default values (the default values usually mean an UNLIMITED period). This particularly concerns PASSWORD_LIFE_TIME, PASSWORD_REUSE_TIME, PASSWORD_REUSE_MAX and PASSWORD_GRACE_TIME.
