Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-23770

Avoid SELECT_CATALOG_ROLE for Oracle template

XMLWordPrintable

    • 2

      Steps to reproduce:

      1. https://www.zabbix.com/integrations/oracle#oracle_odbc

      Result:
      SELECT_CATALOG_ROLE permissions are given to the user, not secure

      Expected:
      – Example: Avoid SELECT_CATALOG_ROLE for zabbix_mon to select v$restore_point

      connect sys as sysdba

      
      CREATE OR REPLACE TYPE user_restore_point_row AS OBJECT (
      
        SCN                          NUMBER,
      
        DATABASE_INCARNATION#        NUMBER,
      
        GUARANTEE_FLASHBACK_DATABASE VARCHAR2(3),
      
        STORAGE_SIZE                 NUMBER,
      
        TIME                         TIMESTAMP(9),
      
        RESTORE_POINT_TIME           TIMESTAMP(9),
      
        PRESERVED                    VARCHAR2(3),
      
        NAME                         VARCHAR2(128),
      
        CLEAN_PDB_RESTORE_POINT      VARCHAR2(3),
      
        PDB_INCARNATION#             NUMBER,
      
        REPLICATED                   VARCHAR2(3),
      
        CON_ID                       NUMBER 
      
      );
      
      /
      
      CREATE OR REPLACE TYPE user_restore_point_tab IS TABLE OF user_restore_point_row;
      
      /
      
       
      
      CREATE OR REPLACE FUNCTION user_get_restore_point return user_restore_point_tab pipelined as
      
      begin
      
        for i in (select * from v_$restore_point)
      
      loop
      
         pipe row (user_restore_point_row(i.SCN,i.DATABASE_INCARNATION#,i.GUARANTEE_FLASHBACK_DATABASE,i.STORAGE_SIZE,i.TIME,i.RESTORE_POINT_TIME,i.PRESERVED,[i.NAME|http://i.NAME],i.CLEAN_PDB_RESTORE_POINT,i.PDB_INCARNATION#,i.REPLICATED,i.CON_ID));
      
        end loop;
      
      return;
      
      end;
      
      /
      
       
      
      GRANT EXECUTE ON user_get_restore_point to zabbix_mon;
      
      GRANT CREATE VIEW TO zabbix_mon;
      
      REVOKE SELECT_CATALOG_ROLE FROM zabbix_mon;
      

      connect zabbix_mon

      select * from table(SYS.user_get_restore_point);
      
      CREATE OR REPLACE VIEW zabbix_mon.v$restore_point as select * from table(SYS.user_get_restore_point);
      
      select * from v$restore_point;
      

        1. Oracle by ODBC_Edit Jun 2024.md
          53 kB
          Marianna Zvaigzne
        2. Oracle Database plugin_Edit Jun 2024.md
          15 kB
          Marianna Zvaigzne

            knaglis Kristaps Naglis
            edgar.akhmetshin Edgar Akhmetshin
            Team INT
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: