Re: Managing developers recommendations

  • From: Paul Drake <bdbafh@xxxxxxxxx>
  • To: fred_fred_1@xxxxxxxxxxx
  • Date: Wed, 12 Oct 2005 17:20:43 -0400

On 10/12/05, Fred Smith <fred_fred_1@xxxxxxxxxxx> wrote:
>
> Hi all,
> My developers (who currently just use SQL Plus) now are wanting to use
> Quest TOAD. From what I've used it in the past, it is far too powerful for
> developers. (I don't trust my developers with creating tablespaces, etc.).
>
> Plus, I've found that TOAD is far too easy to delete objects, etc.
> Any recommendations, etc would greatly be appreciated!
> -Fred S.


Fred,

Concerning TOAD as a specific developer tool, it does require (IMHO)
excessive permissions to be effective. Your developers will want to have
dictionary privileges, as well as "execute any procedure" and "alter any
procedure" to even view source code via the PL/SQL editor.

Grant them that via a role in development.

Put up DDL triggers to block them actually altering the app schema for
certain operations.
Do not under any circumstances allow them into production with any tool.
(or throw out the qualifier that you're not responsible for what they do in
production if they are allowed in ... other than you'll do your best to
recover the database in a media recovery frame of reference).

That leaves the battle in QA.
Think DMZ between North and South Korea.
Think "unwinnable battle".
After you lose the battle for sys_privs in QA, use DDL triggers to block
changes being made in QA.

hth.

Paul
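
One way to write the DDL triggers suggested in the reply above, as an added example that is not part of the original post. The schema APP_OWNER, the deployment account APP_DEPLOY and the ddl_block_log table are assumed names. Procedures and packages are left out of the blocked object types so developers can still compile PL/SQL.

```sql
-- Added example: APP_OWNER, APP_DEPLOY and ddl_block_log are assumed names.
-- Create these as a DBA-owned account (needs ADMINISTER DATABASE TRIGGER).

CREATE TABLE ddl_block_log (
  attempted_at  DATE DEFAULT SYSDATE,
  login_user    VARCHAR2(30),
  ddl_event     VARCHAR2(30),
  object_owner  VARCHAR2(30),
  object_type   VARCHAR2(30),
  object_name   VARCHAR2(128)
);

CREATE OR REPLACE PROCEDURE log_blocked_ddl (
  p_user  IN VARCHAR2, p_event IN VARCHAR2, p_owner IN VARCHAR2,
  p_type  IN VARCHAR2, p_name  IN VARCHAR2
) AS
  -- Autonomous transaction: the log row survives even though the DDL fails.
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO ddl_block_log
    (login_user, ddl_event, object_owner, object_type, object_name)
  VALUES (p_user, p_event, p_owner, p_type, p_name);
  COMMIT;
END;
/

CREATE OR REPLACE TRIGGER block_app_schema_ddl
BEFORE DROP OR TRUNCATE OR ALTER ON DATABASE
BEGIN
  -- Only structural objects in the application schema are protected.
  IF ora_dict_obj_owner = 'APP_OWNER'
     AND ora_dict_obj_type IN ('TABLE', 'INDEX', 'SEQUENCE', 'VIEW')
     AND ora_login_user <> 'APP_DEPLOY'
  THEN
    log_blocked_ddl(ora_login_user, ora_sysevent, ora_dict_obj_owner,
                    ora_dict_obj_type, ora_dict_obj_name);
    RAISE_APPLICATION_ERROR(-20001,
      ora_sysevent || ' on ' || ora_dict_obj_owner || '.' ||
      ora_dict_obj_name || ' is blocked here; use the release process.');
  END IF;
END;
/
```

Reviewing ddl_block_log periodically shows which accounts are attempting schema changes and against which objects.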
