In my experience you sometimes have to provide the rope and the
appropriate people will hang themselves. In my current position I parse
the listener logs to determine access and over a period of time I have
been able to show that some of the developers abuse production access.|
Then you may have to inform your manager that as long as access like this is available to the developers that you cannot be held responsible if issues come up. You can reassure him/her that you will be very diligent but cannot guarantee that someone doesn't perform an unrecoverable action without some down time.
Most of the time when you put the responsibility at the management level they will panic. Now I have a logon trigger that prevents this access or traces the session if it doesn't come from the application server. Not the best security bu sufficient enough to inform the developers that you know what they are executing. Once they know they are being watched they are much better about going into production.
Just my .02 ;-)
Niall Litchfield wrote:
On 8/15/06, Jared Still <jkstill@xxxxxxxxx> wrote:-- http://www.freelists.org/webpage/oracle-l