We are starting to look into a PPM8 upgrade and notice that the schema owner now should have the JAVASYSPRIV role. This roles gives access to ALL system files of the db server with read/write/delete/execute permissions. This is not compliant with our security poilicies and Oracle states themselves that "Both roles still exist within this release for backward compatibility. However, Oracle recommends that you specify each permission explicitly, rather than utilize these roles" and Sun writes "The <> permission with write action is especially dangerous. This grants permission to write to the entire file system."
Have anyone any idea on how to restrict these rights, ie what files/folders does PPM8 actually have to be able to edit/delete/execute?