RE: CREATE DATABASE LINK privilege discussion

From: Taylor, Chris David <ChrisDavid.Taylor_at_ingrambarge.com>
Date: Mon, 31 Oct 2011 08:18:49 -0500
Message-ID: <C5533BD628A9524496D63801704AE56D6A332F0AA1_at_SPOBMEXC14.adprod.directory>



I *KNOW*. It's killing me.

Chris Taylor
Sr. Oracle DBA
Ingram Barge Company
Nashville, TN 37205

"Quality is never an accident; it is always the result of intelligent effort."
-- John Ruskin (English Writer 1819-1900)

CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and delete the contents of this message without disclosing the contents to anyone, using them for any purpose, or storing or copying the information on any medium.

-----Original Message-----
From: Joel.Patterson_at_crowley.com [mailto:Joel.Patterson_at_crowley.com]
Sent: Monday, October 31, 2011 7:56 AM
To: Taylor, Chris David; oracle-l_at_freelists.org
Subject: RE: CREATE DATABASE LINK privilege discussion

I cannot remember anyplace I have ever worked that did not have a policy against connecting to prod from any other database except another production database. Sometimes production connects to dev/test/accp, but never the other direction.

Joel Patterson
Database Administrator
904 727-2546

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Taylor, Chris David
Sent: Saturday, October 29, 2011 11:20 AM
To: 'oracle-l_at_freelists.org'
Subject: CREATE DATABASE LINK privilege discussion

I am curious how many of you grant your developers the 'CREATE DATABASE LINK' privilege in 10g or higher? We have a production read-only account that is set up to provide support for troubleshooting production support issues and one of my developers (out of approximately 20 devs) created a database link from a development database to production for his application.

Now, this is fast becoming an issue and he keeps complaining that he needs that privilege and that he should be able to create as many database links as he wants - wherever he wants (for those environments he has access to including the production support ID).

We (as an organization) have been sloppy in the past in granting 'CREATE DATABASE LINK' but thankfully we have developers who normally understand that you shouldn't use it to create links to a production support id for app dev.

So how do you handle it? Is there a good document on what privs app devs should 'typically' have? A good industry standards doc or some such?

Thanks,

Chris Taylor
Sr. Oracle DBA
Ingram Barge Company
Nashville, TN 37205


--
http://www.freelists.org/webpage/oracle-l




Received on Mon Oct 31 2011 - 08:18:49 CDT
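
Added example, not part of the original thread: one way to audit the situation discussed above on a development database, listing who holds CREATE DATABASE LINK (directly or through roles) and which links already exist. It uses Oracle's DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_USERS and DBA_DB_LINKS dictionary views; DEV_USER is a hypothetical account name.

```sql
-- Added example: audit CREATE DATABASE LINK grants and existing links.
-- Run as an account with SELECT on the DBA_* dictionary views.

-- 1. Direct grants of the privilege, to users or to roles.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE DATABASE LINK', 'CREATE PUBLIC DATABASE LINK')
ORDER  BY grantee, privilege;

-- 2. Users who inherit the privilege through a role, including nested roles.
--    The inline view walks the role hierarchy from every grantee downwards;
--    the join to DBA_USERS keeps only rows whose root grantee is a user.
SELECT DISTINCT u.username, sp.grantee AS via_role, sp.privilege
FROM   dba_sys_privs sp
JOIN   (SELECT CONNECT_BY_ROOT grantee AS root_grantee, granted_role
        FROM   dba_role_privs
        CONNECT BY PRIOR granted_role = grantee) r
       ON r.granted_role = sp.grantee
JOIN   dba_users u
       ON u.username = r.root_grantee
WHERE  sp.privilege IN ('CREATE DATABASE LINK', 'CREATE PUBLIC DATABASE LINK')
ORDER  BY u.username, sp.grantee;

-- 3. Links that already exist: who owns each one, which remote account it
--    connects as, and which host or TNS alias it points at. Compare
--    USERNAME and HOST against the production support ID and production
--    service names to find links like the one described in the thread.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
ORDER  BY created;

-- 4. Remove the privilege from an account that should not have it.
--    DEV_USER is a hypothetical name. Revoking does not drop links the
--    account has already created; those still have to be dropped.
REVOKE CREATE DATABASE LINK FROM dev_user;
```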
