Re: Back and a Question

rjamya wrote, on my timestamp of 17/08/2006 9:23 PM:
> But here is the bottom line, completely disabling production access
> isn't possible in all cases. We for e.g. get daily twice data from a
Completely disabling production access would probably result in it not being called, well, "production"? ;-)
> into prod, but our end users know the time when this data becomes
> available in the company. and if they can't access in next 15 minutes,
> they pick up the phone and start yelling. It is a business requirements
No one said end users shouldn't be allowed to use data. The issue is: why is it needed for *developers* to access that data other than through the application interface itself? If the end users can't get to it without first the developers getting to the data, then something is wrong at the application level: nothing to do with securing this or that.
> In these certain types of conditions we let developers shadow user's
> session but occasionally their managers let them in production as well.
That is fine, under appropriate control. Let's not confuse emergency situations, where immediate action is needed by someone with application knowledge, with general access to production by developers: the two are not the same nor should they meet.
> A friend of mine works for a financial company (not on the wall street),
> their developers have read only access to production every day, because
> they found out that, that helped them get issues fixed quickly.
Very dangerous. One thing is access when needed, another thing is permanent access - be it read only or whatever - just because it is "convenient".
--
Cheers
Nuno Souto
in sunny Sydney, Australia
dbvision_at_iinet.net.au
--
http://www.freelists.org/webpage/oracle-l

Received on Thu Aug 17 2006 - 08:07:31 CDT