Re: CREATE DATABASE LINK privilege discussion

  • From: Subodh Deshpande <deshpande.subodh@xxxxxxxxx>
  • To: ChrisDavid.Taylor@xxxxxxxxxxxxxxx
  • Date: Tue, 1 Nov 2011 00:10:38 +0530

hello Chiris,
developer should not be given unnecessary access, privileges..referring
production objects from development boxes and vice versa is bad
practice..if tomorrow such referred object is changed/dropped your code or
application will be failed..or if user access privs are changed it will
create problems.avoid such things..

why the developer wants access to production, when development is going
on..this comes to my mind...
you should, give production data copy so that code on development can be
tested..and this is sufficient..
if the testcases are in place you do not require such privilege..you
require data to test..

if at all he/she is extremely pushy/touchy (do not know.whether bulley a
proper word..) give only select access on all the objects related to
production
if you have toad or some tool, give only create database link privilege to
a user and check, it gives other sensitive access, privileges to the
users..show it to your manager and ask him/her who is going to take the
responsibility of production data..

dba has to take some harsh descision and yes he suddenly become a guy who
is hard to work with..ignore it..stick to it..if it is required..
thanks and take care..subodh

On 29 October 2011 20:50, Taylor, Chris David <
ChrisDavid.Taylor@xxxxxxxxxxxxxxx> wrote:

> I am curious how many of you grant your developers the 'CREATE DATABASE
> LINK' privilege in 10g or higher?
> We have a production read-only account that is setup to provide support
> for troubleshooting production support issues and one of my developers (out
> of approximately 20 devs) created a database link from a development
> database to production for his application.
>
> Now, this is fast becoming an issue and he keeps complaining that he needs
> that privilege and that he should be able to create as many database links
> as he wants - wherever he wants (for those environments he has access to
> including the production support ID).
>
> We (as an organization) have been sloppy in the past in granting 'CREATE
> DATABASE LINK' but thankfully we have developers who normally understand
> that you shouldn't use it to create links to a production support id for
> app dev.
>
> So how do you handle it?  Is there a good document on what privs app devs
> should 'typically' have?  A good industry standards doc or some such?
>
> Thanks,
>
> Chris Taylor
> Sr. Oracle DBA
> Ingram Barge Company
> Nashville, TN 37205
>
> "Quality is never an accident; it is always the result of intelligent
> effort."
> -- John Ruskin (English Writer 1819-1900)
>
> CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential
> and may also be privileged. If you are not the named recipient, please
> notify the sender immediately and delete the contents of this message
> without disclosing the contents to anyone, using them for any purpose, or
> storing or copying the information on any medium.
>
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
>


-- 
=============================================
TRUTH WINS AT LAST, DO NOT FORGET TO SMILE TODAY
=============================================


--
//www.freelists.org/webpage/oracle-l


Other related posts: