Re: DBA Privileges and Developers

From: Andrew Kerber <andrew.kerber_at_gmail.com>
Date: Fri, 1 Feb 2008 13:53:59 -0600
Message-ID: <ad3aa4c90802011153o1c1b32dfwf93a407d3e9b2e93@mail.gmail.com>


Amen to that. And I did something that amounts to that at another place I worked. We made copies of the dba* views, cut out a few minor columns (like password), and handed that to the developers under a different name. Trivial work and everyone was happy. I even received a special company award for thinking of it...

On Feb 1, 2008 1:47 PM, Nigel Thomas <nigel_cl_thomas_at_yahoo.com> wrote:

> Lisa
>
> I think the confusion comes because
> - auditors are worried about what the DBA can do
> - a developer is granted read access to some "DBA" views
> - therefore the auditor (or pointy-haired manager) assumes the developer
> can now do something evil that only a DBA should be allowed to do.
>
> If the DBA_ views were called DEV_ views, and the developer-useful v$
> views were packaged differently, I think a lot of these kind of
> misunderstandings would fade away.
>
> Ah well...
>
> Regards Nigel
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

-- 
Andrew W. Kerber

'If at first you dont succeed, dont take up skydiving.'

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Feb 01 2008 - 13:53:59 CST

Original text of this message