RE: CREATE DATABASE LINK privilege discussion

  • From: "Taylor, Chris David" <ChrisDavid.Taylor@xxxxxxxxxxxxxxx>
  • To: 'Michael Dinh' <mdinh@xxxxxxxxx>, "'oracle-l@xxxxxxxxxxxxx'" <oracle-l@xxxxxxxxxxxxx>
  • Date: Sat, 29 Oct 2011 22:31:10 -0500

I'm in full agreement.  I'm fighting a losing battle it 'seems' with dev's 
manager too - which is weird.  It is exceedingly strange that 1 Dev complaining 
about not having access to Production data is reflecting negatively on my 
image/reputation.  Suddenly I becoming that "guy who is hard to work with" 
because I'm insistent that this shouldn't be done.

And for the very reasons you mentioned.  I even snapped a screenshot from Grid 
Control of the activity his session alone was generating.

Frustrating.

Chris Taylor
Sr. Oracle DBA
Ingram Barge Company
Nashville, TN 37205

"Quality is never an accident; it is always the result of intelligent effort."
-- John Ruskin (English Writer 1819-1900)

CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and 
may also be privileged. If you are not the named recipient, please notify the 
sender immediately and delete the contents of this message without disclosing 
the contents to anyone, using them for any purpose, or storing or copying the 
information on any medium.


-----Original Message-----
From: Michael Dinh [mailto:mdinh@xxxxxxxxx] 
Sent: Saturday, October 29, 2011 10:48 AM
To: Taylor, Chris David; 'oracle-l@xxxxxxxxxxxxx'
Subject: RE: CREATE DATABASE LINK privilege discussion

If the developers fully understand the concept of database links other than 
just a simple connection from one database to another, then i would consider 
granting it to them, but they don't.

Database links connecting DEV/QA to PROD database with read only account can 
have impact on PROD if huge amount of data being copied.

Another downside is that the database links are not closed leaving the sessions 
still in PROD.

Data should be pushed to DEV from PROD and not pulled from PROD to DEV.

Just a thought.
________________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [oracle-l-bounce@xxxxxxxxxxxxx] On Behalf 
Of Taylor, Chris David [ChrisDavid.Taylor@xxxxxxxxxxxxxxx]
Sent: Saturday, October 29, 2011 8:20 AM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: CREATE DATABASE LINK privilege discussion

I am curious how many of you grant your developers the 'CREATE DATABASE LINK' 
privilege in 10g or higher?
We have a production read-only account that is setup to provide support for 
troubleshooting production support issues and one of my developers (out of 
approximately 20 devs) created a database link from a development database to 
production for his application.

Now, this is fast becoming an issue and he keeps complaining that he needs that 
privilege and that he should be able to create as many database links as he 
wants - wherever he wants (for those environments he has access to including 
the production support ID).

We (as an organization) have been sloppy in the past in granting 'CREATE 
DATABASE LINK' but thankfully we have developers who normally understand that 
you shouldn't use it to create links to a production support id for app dev.

So how do you handle it?  Is there a good document on what privs app devs 
should 'typically' have?  A good industry standards doc or some such?

Thanks,

Chris Taylor
Sr. Oracle DBA
Ingram Barge Company
Nashville, TN 37205

"Quality is never an accident; it is always the result of intelligent effort."
-- John Ruskin (English Writer 1819-1900)

CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential and 
may also be privileged. If you are not the named recipient, please notify the 
sender immediately and delete the contents of this message without disclosing 
the contents to anyone, using them for any purpose, or storing or copying the 
information on any medium.


--
//www.freelists.org/webpage/oracle-l




--
//www.freelists.org/webpage/oracle-l

Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 10-2011