Re: DBA Privileges and Developers

• From: "Andrew Kerber" <andrew.kerber@xxxxxxxxx>
• To: nigel_cl_thomas@xxxxxxxxx
• Date: Fri, 1 Feb 2008 13:53:59 -0600

Amen to that.  And I did something that amounts to that at another place I
worked.  We made copies of the dba* views, cut out a few minor columns (like
password), and handed that to the developers under a different name.
Trivial work and everyone was happy.  I even received a special company
award for thinking of it...

On Feb 1, 2008 1:47 PM, Nigel Thomas <nigel_cl_thomas@xxxxxxxxx> wrote:

> Lisa
>
> I think the confusion comes because
> - auditors are worried about what the DBA can do
> - a developer is granted read access to some "DBA" views
> - therefore the auditor (or pointy-haired manager) assumes the developer
> can now do something evil that only a DBA should be allowed to do.
>
> If the DBA_ views were called DEV_ views, and the developer-useful v$
> views were packaged differently, I think a lot of these kind of
> misunderstandings would fade away.
>
> Ah well...
>
> Regards Nigel
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>


-- 
Andrew W. Kerber

'If at first you dont succeed, dont take up skydiving.'

• References:
  • Re: DBA Privileges and Developers
    • From: Nigel Thomas

Other related posts:

• » DBA Privileges and Developers
• » RE: DBA Privileges and Developers
• » Re: DBA Privileges and Developers
• » RE: DBA Privileges and Developers
• » Re: DBA Privileges and Developers
• » Re: DBA Privileges and Developers
• » Re: DBA Privileges and Developers

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription