Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: developer privs in development (old thread inaccessible)

Re: developer privs in development (old thread inaccessible)

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Wed, 10 Dec 2003 09:05:41 -0800
Message-ID: <1071075975.246728@yasure> 





Ryan Gaffuri wrote:



<lots of snipping>



Had an interesting experience in class last night I think many of you 
will find instructive.



I was explaining to students the fact that the roles CONNECT, RESOURCE, 
and DBA should never be granted to anyone on an Oracle system and how 
they should create their own application-organization specific roles 
with combinations of system and object privileges.



Based on our discussion, almost all of of the students are developers 
and DBAs, it became apparent that part of the problem is these three roles.



Most DBAs still assign them and thus never really take the time to 
create a granularity appropriate to the actual needs of the team. They 
give themselves the DBA role and something think, based on its name, it 
is inappropriate or dangerous in the hands of developers. What they 
should more properly realize is that it contains privileges irrelevant 
to DBAs too. DBA roles should be created, just like end-user an 
developer roles to ONLY enable those privileges actually required.


-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)


Received on Wed Dec 10 2003 - 11:05:41 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US