Hi Raj,
Obviously this would be ideal but is simply not possible in all environments.
We have a "packaged" database application which is deployed out to dozens of
customer sites, many in the back-end of nowhere around the globe. Often it's a
struggle to get 2 tin cans and a piece of string to dial-in at top speed of
2bits/hour, never mind copying it off anywhere. Even if we could, we cannot
concurrently host copies of live environments for every production site which
might raise a support call - our hardware budget would go ballistic! Add to
that contractual restrictions, byzantine bureaucratic requirements for gaining
access, and data protection rules and laws of a whole bunch of different
companies and governments.
Sounds like you've got it easy there :-)
- Charlotte
rjamya <rjamya@xxxxxxxxx> wrote:
We make two copies of production databases to developers every day.
One is specifically meant for application support to debug issues,
second one to let developers run their monthly release scripts. Our SA
with our help wrote a perl script that takes source and dest database
and takes care of _everything_.
This works far better than lettign developers into production
databases. Of course the refreshes include scrambling sensitive data.
Raj
Charlotte Hammond <charlottejanehammond@xxxxxxxxx> wrote:
Hi John,
Thanks for suggesting FGAC - that hadn't occurred to me, but I guess I could
simply set up a policy function along the lines of
'sys_context('USERENV','SESSION_USER') != READONLYUSER' and add it for
statement types insert, update and delete on all tables. And then allow a
free-for-all on executing the packages.
I guess this is similar in principle to Mark Bobak's suggestion - to allow the
PL/SQL access but block any actual DML that is attempted, only using DBMS_RLS
instead of triggers. Stephane Faroult is trying to persuade me that the impact
using triggers won't be that great - and I'll believe him! - but I'd be
comfortable using DBMS_RLS as we had it on an other similar system and it
didn't have any noticeable performance hit.
Thanks to everyone who responded, all much appreciated!
- Charlotte
On Thu, 16 Dec 2004 08:45 , John Shaw sent:
The ever popular fine grain access
[... details snipped ... ]
---------------------------------
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search. Learn more.
--
http://www.freelists.org/webpage/oracle-l
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 250MB free storage. Do more. Manage less.
--
http://www.freelists.org/webpage/oracle-l