By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

RDS Master Account

2

Hi

I have an oracle 19c RDS in AWS.

I created a DBA account and granted the DBA role to it.

Is there anymore grants that I can do to make account with similar permission to the RDS master account created with the RDS? I dont think the "SYSDBA" role would work with RDS because SYS schema is locked by default in RDS.

Topics
Migration & ModernizationAnalyticsDatabaseManagement & GovernanceAWS Well-Architected Framework
Tags
Amazon Relational Database ServiceAWS Management ConsoleDatabaseOracleSecurity
Language
English
sam15
asked 7 months ago428 views
1 Answer
3
Accepted Answer

Hello,

RDS Master account user has below system privileges,

ALTER DATABASE LINK, ALTER PUBLIC DATABASE LINK, DROP ANY DIRECTORY, EXEMPT ACCESS POLICY, EXEMPT IDENTITY permission sets and roles don't have permission to create or modify, GRANT ANY OBJECT PRIVILEGE, RESTRICTED SESSION, EXEMPT REDACTION POLICY

and below DB roles by default.

AQ_ADMINISTRATOR_ROLE, AQ_USER_ROLE, CONNECT, CTXAPP, DBA, EXECUTE_CATALOG_ROLE, RECOVERY_CATALOG_OWNER, RESOURCE, SELECT_CATALOG_ROLE

As you mentioned, sys is locked with RDS as it is fully managed. If you need administrative rights to the database and underlying operating system to make dependent applications available, Amazon RDS Custom is the better choice. If you want full management responsibility and simply need a managed compute service, the best option is self-managing your commercial databases on Amazon EC2.

AWS
SUPPORT ENGINEER
Yokesh NK
answered 7 months ago
profile pictureAWS
EXPERT
Jose Guay
reviewed 6 months ago
  • sam15
    6 months ago

    Hi I could not do RDS Custom because it is not available in Gov CLoud. If I granted the system privileges and roles you listed above to a regular account with DBA role would it be identical to the Master RDS default account?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content