Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Authorete

RE: Authorete

From: John Flack <JohnF_at_smdi.com>
Date: Fri, 12 Mar 2004 08:45:48 -0500
Message-ID: <91AFBA9B76078B4E8340A383EADEF1DB7EE562@syn2kex1.smdi.com> 





I'm trying to get a handle on exactly what you want the programmers to be able to do, and what you don't want them able to do.
 


If you are just trying to keep them from doing DDL, then you give them all their own user accounts, create and grant a "programmer" role with SELECT, INSERT, UPDATE and DELETE on the tables.  The tables are owned by a separate application schema to which only you have the password.  It might not even have the connect privilege.
 


Want to limit the rows on which they may operate too?  Look into Vitual Private Database.
 


Want to give them limited and highly controlled access to DDL?  Create a DDL package in the application schema with procedures that do EXECUTE IMMEDIATE commands for each DDL that you want to allow, then grant the programmer role EXECUTE on the package.  You can add all kinds of code to control exactly what they can do, and even have it e-mail you every time they use it, to let you know what they are up to.



-----Original Message-----


From: April Wells [mailto:AWells_at_csedge.com]
Sent: Friday, March 12, 2004 7:49 AM


To: 'oracle-l_at_freelists.org'


Subject: RE: Authorete




Ya know, I was thinking maybe adopting the idea of medieval times... if you get caught screwing around with the tables, I cut off your fingers... but there is this company policy against bodily harm against programmers... the SPCA comes around and fines you for hurting dumb animals... 
 


This was safer.  
 
 
 



April Wells 


Oracle DBA/Oracle Apps DBA 


Corporate Systems 


Amarillo Texas 


 @>-->-->-- 



"Few people really enjoy the simple pleasure of flying a kite" 
Adam Wells age 11 


"Imagination is the highest kite one can fly." 
Lauren Bacall 



-----Original Message-----


From: Goulet, Dick [mailto:DGoulet_at_vicr.com]
Sent: Thursday, March 11, 2004 3:26 PM


To: oracle-l_at_freelists.org


Subject: RE: Authorete




Shackles work very well in that case.  Possibly you could borrow a few pairs of handcuffs from the local police department!!  *-)
 



Dick Goulet


Senior Oracle DBA


Oracle Certified 8i DBA 



-----Original Message-----


From: April Wells [mailto:AWells_at_csedge.com]
Sent: Thursday, March 11, 2004 3:08 PM


To: oracle-l_at_freelists.org


Subject: RE: Authorete




no, I don't think that will give me what I'm really after... 
 


The idea is to tie the hands of the programmers to such an extent that I KNOW what they can and can not do... and how bad they can put me in a bind.
 






Please see the official ORACLE-L FAQ: http://www.orafaq.com




To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.

--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Received on Fri Mar 12 2004 - 07:42:27 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US