The production issue is one of the main reasons we developed our freeware tool SchemaSurf (the other requirement being web-based). Although it doesn't claim anywhere near-like the industrial strength that Toad has, it does provide developers with read-only access to production data/models. TOAD is a great tool, but with Sarbanes-Oxley, it's critical that appropriate procedures are in place (so we can all go break them!) SchemaSurf has been installed in more than 50 countries, and we had numerous folks at OAUG shows etc tell us that they use TOAD for dev/test and SchemaSurf for prod. Made their management very happy .... and DBA's were able to control access via tns/name servers etc. since SchemaSurf doesn't use SQL*Net/Net8. It's at http://www.cobblesoft.com/schemasurf/ for anyone interested. Regards, Richard J Stevenson CobbleSoft International Ltd. www.cobblesoft.com US/Can Toll-Free: 866-380-6716 International: +1 315 548 5810 ------------------------------------------------ On Mon, 16 Aug 2004 15:29:28 -0700 (PDT), Raj Jamadagni <rjamya@xxxxxxxxx> wrote: > There are many words in your first statement that are an security auditor's > dream. I bet Pete F. > is using mapquest to find fastest route to your office right now. > > So, let me get this straight, ON PRODUCTION database you are worried that > developers accessing > SYS/SYSTEM objects so you will block them. Great. But you don't have a > problem if they acces > production data?? Sarbanes-Oxley ... and I think you work for a BIG financial > company right?? > > Developers shouldn't be connecting to production database without a valid > reason ... period. And > no metter which site writes what, the only way to incorporate security is to > use TOAD security. > RTFM the TOAD stuff, it is all explained there. > > BTW don't give me any roles but grant me 'execute any procedure' and give me > 2 minutes, I'll > probably be able to revoke all your roles ... least I'll grant myself DBA > role ... > > Raj ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put 'unsubscribe' in the subject line. -- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------