RE: Back and a Question

Hey Raj,
 
Sounds like a very nice solution and implmentation.
 

-- 
Mark J. Bobak 
Senior Oracle Architect 
ProQuest Information & Learning 

Ours is the age that is proud of machines that can think and suspicious
of men who try to.  --H. Mumford Jones, 1892-1980

 

________________________________

From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of rjamya
Sent: Wednesday, August 16, 2006 2:11 PM
To: dbvision@xxxxxxxxxxxx
Cc: oracle-l
Subject: Re: Back and a Question


We had that too. So I wrote an (htmldb) application where users go
request acess to production. Their manager may or may not grant it. If
granted, the automated process unlocks account sends the password to the
developer and grants a 2 hour window. 15 minutes before it sends an
automated email telling them the acces will be cut off at set time. At
the end time, it goes in, kills any active sessions, locks the account.
Of course through a db trigger all developer sessions are traced at
level 8. We store these trace files for upto 180 days. This was
documented as a control for SOX, auditors blessed it and we are happy
with it. 

Raj


On 8/16/06, Nuno Souto <dbvision@xxxxxxxxxxxx> wrote: 

        From where I stand, it's exactly like Ryan described:
        we got SOx-audited last year and again this year and in both
        occasions access to production by developers came up as an
        absolute no-no and something we simply cannot allow. 
        Which I tend to agree with, BTW.  ;-)

Other related posts: