RE: Authorete

  • From: "John Flack" <JohnF@xxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Fri, 12 Mar 2004 08:45:48 -0500

I'm trying to get a handle on exactly what you want the programmers to be able 
to do, and what you don't want them able to do.
 
If you are just trying to keep them from doing DDL, then you give them all 
their own user accounts, create and grant a "programmer" role with SELECT, 
INSERT, UPDATE and DELETE on the tables.  The tables are owned by a separate 
application schema to which only you have the password.  It might not even have 
the connect privilege.
 
Want to limit the rows on which they may operate too?  Look into Vitual Private 
Database.
 
Want to give them limited and highly controlled access to DDL?  Create a DDL 
package in the application schema with procedures that do EXECUTE IMMEDIATE 
commands for each DDL that you want to allow, then grant the programmer role 
EXECUTE on the package.  You can add all kinds of code to control exactly what 
they can do, and even have it e-mail you every time they use it, to let you 
know what they are up to.

-----Original Message-----
From: April Wells [mailto:AWells@xxxxxxxxxx]
Sent: Friday, March 12, 2004 7:49 AM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: RE: Authorete


Ya know, I was thinking maybe adopting the idea of medieval times... if you get 
caught screwing around with the tables, I cut off your fingers... but there is 
this company policy against bodily harm against programmers... the SPCA comes 
around and fines you for hurting dumb animals... 
 
This was safer.  
 
 
 

April Wells 
Oracle DBA/Oracle Apps DBA 
Corporate Systems 
Amarillo Texas 
 @>-->-->-- 
"Few people really enjoy the simple pleasure of flying a kite" 
Adam Wells age 11 
"Imagination is the highest kite one can fly." 
Lauren Bacall 

-----Original Message-----
From: Goulet, Dick [mailto:DGoulet@xxxxxxxx]
Sent: Thursday, March 11, 2004 3:26 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: Authorete


Shackles work very well in that case.  Possibly you could borrow a few pairs of 
handcuffs from the local police department!!  *-)
 

Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA 

-----Original Message-----
From: April Wells [mailto:AWells@xxxxxxxxxx]
Sent: Thursday, March 11, 2004 3:08 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: Authorete


no, I don't think that will give me what I'm really after... 
 
The idea is to tie the hands of the programmers to such an extent that I KNOW 
what they can and can not do... and how bad they can put me in a bind.

Other related posts:

  1. Home
  2. oracle-l
  3. Archive
  4. 03-2004