Yeah that is also not a bad idea. I have gone back and forth on developer
access in production. We have so many custom applications and as a DBA I
was spending a lot of time just supporting a lot of stuff that I am not
always the expert on. So I gave up some permissions to some people, but at
the same time I am not a big fan of production access. No so much cause of
security because that stuff we don't or is limited to allowed users but
more so just to ensure performance of production and so someone doesn't run
some bad query are take the database down. Sure sometimes that can be
prevented with resource limits, if you set it up correctly.
On Wed, Nov 2, 2016 at 11:53 AM, j_akins <j_akins@xxxxxxxxx> wrote:
Why not allow read access to their data, ssecurity? Why go through that
trouble for possibly simple queries? Just create a service for them and
apply resource limits.
Sent from my Sprint Samsung Galaxy S6 edge+.
-------- Original message --------
From: Jeff Chirco <backseatdba@xxxxxxxxx>
Date: 11/2/16 1:47 PM (GMT-05:00)
To: oracle-l@xxxxxxxxxxxxx
Subject: Active Data Guard with additional permissions
I have developers that are always asking for production query access. I
was thinking I could setup an Active Data Guard instance, and since one of
the benefits is to use ADG as a read only reporting database. However I
don't want users to have select permissions on the tables in primary, only
the standby. Unless I am wrong I don't believe you can issues grants in a
physical standby database.
Does anybody have some other creative solution to this? I was thinking
maybe issuing the grants to a non default role and if possible attach a
some kind of trigger that would run on a SET ROLE command and then check if
the instance was primary or not and then allow or not the set role
command. You think this is possible? Or something else?
Thanks,
Jeff
