Re: Read Only User

• From: Charlotte Hammond <charlottejanehammond@xxxxxxxxx>
• To: ORACLE-L <oracle-l@xxxxxxxxxxxxx>
• Date: Sun, 19 Dec 2004 14:25:59 -0800 (PST)

Hi Raj,
 
Obviously this would be ideal but is simply not possible in all environments.  
We have a "packaged" database application which is deployed out to dozens of 
customer sites, many in the back-end of nowhere around the globe.  Often it's a 
struggle to get 2 tin cans and a piece of string to dial-in at top speed of 
2bits/hour, never mind copying it off anywhere.  Even if we could, we cannot 
concurrently host copies of live environments for every production site which 
might raise a support call - our hardware budget would go ballistic!  Add to 
that contractual restrictions, byzantine bureaucratic requirements for gaining 
access, and data protection rules and laws of a whole bunch of different 
companies and governments.
 
Sounds like you've got it easy there :-)
 
- Charlotte

rjamya <rjamya@xxxxxxxxx> wrote:
 
We make two copies of production databases to developers every day.
One is specifically meant for application support to debug issues,
second one to let developers run their monthly release scripts. Our SA
with our help wrote a perl script that takes source and dest database
and takes care of _everything_.
This works far better than lettign developers into production
databases. Of course the refreshes include scrambling sensitive data.
Raj

Charlotte Hammond <charlottejanehammond@xxxxxxxxx> wrote:
Hi John,

Thanks for suggesting FGAC - that hadn't occurred to me, but I guess I could 
simply set up a policy function along the lines of 
'sys_context('USERENV','SESSION_USER') != READONLYUSER' and add it for 
statement types insert, update and delete on all tables. And then allow a 
free-for-all on executing the packages.

I guess this is similar in principle to Mark Bobak's suggestion - to allow the 
PL/SQL access but block any actual DML that is attempted, only using DBMS_RLS 
instead of triggers. Stephane Faroult is trying to persuade me that the impact 
using triggers won't be that great - and I'll believe him! - but I'd be 
comfortable using DBMS_RLS as we had it on an other similar system and it 
didn't have any noticeable performance hit.

Thanks to everyone who responded, all much appreciated!

- Charlotte

On Thu, 16 Dec 2004 08:45 , John Shaw sent:


The ever popular fine grain access 

[... details snipped ... ]



---------------------------------
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search. Learn more.

--
//www.freelists.org/webpage/oracle-l

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

                
---------------------------------
Do you Yahoo!?
 Yahoo! Mail - 250MB free storage. Do more. Manage less.

--
//www.freelists.org/webpage/oracle-l

Other related posts:

• » Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » Re: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » Re: Read Only User
• » RE: Read Only User
• » Re: Read Only User
• » Re: Read Only User
• » Re: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » Re: Read Only User
• » Re: Read Only User
• » RE: Read Only User
• » Re: Read Only User
• » RE: Read Only User
• » RE: Read Only User
• » Re: Read Only User
• » Re: Read Only User

1. Home
2. oracle-l
3. Archive
4. 12-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---