RE: Using TOAD on production databases

• From: "Potluri, Venu (IDS AIS SE)" <venu_potluri@xxxxxx>
• To: <oracle-l@xxxxxxxxxxxxx>
• Date: Mon, 16 Aug 2004 20:06:57 -0400

The only system privilege my developers have is create session. PERIOD.
Nobody gets anything else.

We do grant roles that give SELECT access to some tables. We don't grant
any insert, update, delete privileges to any roles.

So, lets say the developer has valid reason to access production data
and has SELECT privilege on some tables, what exactly does TOAD give
this developer above and beyond what I give him as a DBA?




-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Raj Jamadagni
Sent: Monday, August 16, 2004 6:29 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: Using TOAD on production databases

There are many words in your first statement that are an security
auditor's dream. I bet Pete F.
is using mapquest to find fastest route to your office right now.

So, let me get this straight, ON PRODUCTION database you are worried
that developers accessing
SYS/SYSTEM objects so you will block them. Great. But you don't have a
problem if they acces
production data?? Sarbanes-Oxley ... and I think you work for a BIG
financial company right??=20

Developers shouldn't be connecting to production database without a
valid reason ... period. And
no metter which site writes what, the only way to incorporate security
is to use TOAD security.=20
RTFM the TOAD stuff, it is all explained there.

BTW don't give me any roles but grant me 'execute any procedure' and
give me 2 minutes, I'll
probably be able to revoke all your roles ... least I'll grant myself
DBA role ...

Raj

--- "Potluri, Venu (IDS AIS SE)" <venu_potluri@xxxxxx> wrote:

> Is there any problem with developers using Quest Software's TOAD on
> production databases? Regardless of the functionality in TOAD, a
> developer shouldn't be able to use the DBA functionality in TOAD,
> correct? We grant roles to developers and those roles never include
any
> privilesges on SYSTEM or SYS owned objects. What made me ask this
> question is a script on www.orafaq.com that shows a way to prevent
> developers from using TOAD on production databases. Any thoughts are
> appreciated.
>=20
> Venu Potluri
> Oracle Financials DBA=20
> --------------------------------------------------------
> =20
> If you are not an intended recipient of this e-mail, please notify the
sender, delete it and do
> not read, act upon, print, disclose, copy, retain or redistribute it.
Click here for important
> additional terms relating to this e-mail.
http://www.ml.com/email_terms/=20
> --------------------------------------------------------
> =20
>=20
> ----------------------------------------------------------------
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> ----------------------------------------------------------------
> To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
> put 'unsubscribe' in the subject line.
> --
> Archives are at //www.freelists.org/archives/oracle-l/
> FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
> -----------------------------------------------------------------
>=20


=3D=3D=3D=3D=3D
Best Regards
Raj
---------------------------------------------------------
select mandatory_disclaimer from company_requirements;


        =09
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail=20
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------=20
--------------------------------------------------------
=20
If you are not an intended recipient of this e-mail, please notify the =
sender, delete it and do not read, act upon, print, disclose, copy, =
retain or redistribute it. Click here for important additional terms =
relating to this e-mail.     http://www.ml.com/email_terms/=20
--------------------------------------------------------
=20
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------

• Follow-Ups:
  • RE: Using TOAD on production databases
    • From: Raj Jamadagni

Other related posts:

• » Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » Re: Using TOAD on production databases
• » Re: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases
• » RE: Using TOAD on production databases

1. Home
2. oracle-l
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---