Re: Privileges by session
Date: Tue, 12 Jan 2010 14:54:53 +0200
I would take the following steps:
1) create a user that has read only access to all the tables. 2) Put in a login trigger that will fail all logon with the application user but with other programs like SQLPLUS or TOAD. 3) As has been written, add logging violations to the trigger and reporting the violations.
3) Add checking the source machine in the trigger.
That should take care of 95& of the problem
Blanchard, William wrote:
> I have convinced management to allow me to grant read-only access to
> the developers. The problem is that they know the application
> passwords and have been using those passwords to circumvent my
> controls. Is there a way via a trigger, role, etc to change
> individual sessions privileges so they have read only (select)
> permissions? The easiest way would be to change the permissions on
> the applications but that's not an option.
> Thank you,
> This email and any information, files, or materials transmitted with it
> are confidential and are solely for the use of the intended recipient.
> If you have received this email in error, please delete it and notify
> the sender.