Re: Managing developers recommendations

On 10/12/05, Fred Smith <fred_fred_1_at_hotmail.com> wrote:
>
> Hi all,
> My developers (who currently just use SQL Plus) now are wanting to use
> Quest TOAD. From what I've used it in the past, it is far too powerful for
> developers. (I don't trust my developers with creating tablespaces, etc.).
>
> Plus, I've found that TOAD is far too easy to delete objects, etc.
> Any recommendations, etc would greatly be appreciated!
> -Fred S.

Fred,

Concerning TOAD as a specific developer tool, it does require (IMHO) excessive permissions to be effective. Your developers will want to have dictionary privileges, as well as "execute any procedure" and "alter any procedure" to even view source code via the PL/SQL editor.

Grant them that via a role in development.

Put up DDL triggers to block them actually altering the app schema for certain operations.
Do not under any circumstances allow them into production with any tool. (or throw out the qualifier that you're not responsible for what they do in production if they are allowed in ... other than you'll do your best to recover the database in a media recovery frame of reference).

That leaves the battle in QA.
Think DMZ between North and South Korea. Think "unwinable battle".
After you lose the battle for sys_privs in QA, use DDL triggers to block changes being made in QA.

hth.

Paul

--
http://www.freelists.org/webpage/oracle-l