Re: DBA Privileges and Developers
Date: Fri, 1 Feb 2008 13:53:59 -0600
Amen to that. And I did something that amounts to that at another place I worked. We made copies of the dba* views, cut out a few minor columns (like password), and handed that to the developers under a different name. Trivial work and everyone was happy. I even received a special company award for thinking of it...
On Feb 1, 2008 1:47 PM, Nigel Thomas <nigel_cl_thomas_at_yahoo.com> wrote:
> I think the confusion comes because
> - auditors are worried about what the DBA can do
> - a developer is granted read access to some "DBA" views
> - therefore the auditor (or pointy-haired manager) assumes the developer
> can now do something evil that only a DBA should be allowed to do.
> If the DBA_ views were called DEV_ views, and the developer-useful v$
> views were packaged differently, I think a lot of these kind of
> misunderstandings would fade away.
> Ah well...
> Regards Nigel
-- Andrew W. Kerber 'If at first you dont succeed, dont take up skydiving.' -- http://www.freelists.org/webpage/oracle-lReceived on Fri Feb 01 2008 - 13:53:59 CST