Re: Active Data Guard with additional permissions

Yeah that is also not a bad idea. I have gone back and forth on developer access in production. We have so many custom applications and as a DBA I was spending a lot of time just supporting a lot of stuff that I am not always the expert on. So I gave up some permissions to some people, but at the same time I am not a big fan of production access. No so much cause of security because that stuff we don't or is limited to allowed users but more so just to ensure performance of production and so someone doesn't run some bad query are take the database down. Sure sometimes that can be prevented with resource limits, if you set it up correctly.

On Wed, Nov 2, 2016 at 11:53 AM, j_akins <j_akins_at_nc.rr.com> wrote:

> Why not allow read access to their data, ssecurity? Why go through that
> trouble for possibly simple queries? Just create a service for them and
> apply resource limits.
>
>
>
> Sent from my Sprint Samsung Galaxy S6 edge+.
>
> -------- Original message --------
> From: Jeff Chirco <backseatdba_at_gmail.com>
> Date: 11/2/16 1:47 PM (GMT-05:00)
> To: oracle-l_at_freelists.org
> Subject: Active Data Guard with additional permissions
>
> I have developers that are always asking for production query access. I
> was thinking I could setup an Active Data Guard instance, and since one of
> the benefits is to use ADG as a read only reporting database. However I
> don't want users to have select permissions on the tables in primary, only
> the standby. Unless I am wrong I don't believe you can issues grants in a
> physical standby database.
>
> Does anybody have some other creative solution to this? I was thinking
> maybe issuing the grants to a non default role and if possible attach a
> some kind of trigger that would run on a SET ROLE command and then check if
> the instance was primary or not and then allow or not the set role
> command. You think this is possible? Or something else?
>
> Thanks,
> Jeff
>

--
http://www.freelists.org/webpage/oracle-l