In article <OF0DC352ED.0E879B05-ON86256ED7.007812C1-86256ED7.00792D40@ip c.us.aexp.com>, Tracy Rahmlow <tracy.rahmlow@xxxxxxxx> writes
>Currently, our IS support staff have full access to the production
>database. To minimize risk and to satisfy audit concerns, we need to
>address the issue. Preferably as automated as possible. Does a tool
>exist, whereby a support staff member could request update access on table
>abc for x hours and then have the request forwarded for approval and then
>implemented? The access would then be automatically revoked after the
>timeout period. Auditing would be invoked, blah, blah, blah.... Any
>thoughts??

Hi Tracy,

There is a commercial product from OR Solutions called "Trusted Orange" that works on an authorisation server; all access to the database is in effect submitted to the authorisation server first and some member of the authorisation team approves it. If it's approved, the user's SQL is sent to the database for execution. It's quite an interesting idea for a product. I don't know if DDL can be controlled; I suspect it can. I looked at the documentation for this product about 1 year ago but have not seen it in real life. I don't remember the URL offhand but there is a link on my tools page http://www.petefinnigan.com/tools.htm - it may be of interest.

Of course a home grown solution to your issue could be created as well.

kind regards

Pete
--
Pete Finnigan
email:pete@xxxxxxxxxxxxxxxx
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
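The reply mentions that a home-grown solution could be created; the following PL/SQL is an added example of that request, approve and timed-revoke flow, not code from the thread or from the product it names. All object names (access_request, approve_request, revoke_request, the REVOKE_REQ_ job prefix) and the 8-hour cap are hypothetical. It assumes Oracle 12c or later, a procedure owner holding CREATE JOB and the right to grant UPDATE on the target tables through direct grants, and EXECUTE on approve_request given only to approvers.

```sql
-- Added sketch; every object name below is hypothetical.
CREATE TABLE access_request (
  request_id  NUMBER GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  grantee     VARCHAR2(128) NOT NULL,   -- support user asking for access
  table_name  VARCHAR2(261) NOT NULL,   -- schema-qualified, e.g. APP.ABC
  hours       NUMBER NOT NULL CHECK (hours BETWEEN 1 AND 8),  -- assumed cap
  approved_by VARCHAR2(128),
  expires_at  TIMESTAMP WITH TIME ZONE,
  revoked_at  TIMESTAMP WITH TIME ZONE
);

-- Run by the scheduler job at expiry; can also be called to revoke early.
CREATE OR REPLACE PROCEDURE revoke_request (p_id IN NUMBER) AS
  r access_request%ROWTYPE;
BEGIN
  SELECT * INTO r FROM access_request
   WHERE request_id = p_id AND approved_by IS NOT NULL AND revoked_at IS NULL;
  EXECUTE IMMEDIATE 'REVOKE UPDATE ON ' || DBMS_ASSERT.SQL_OBJECT_NAME(r.table_name)
                 || ' FROM ' || DBMS_ASSERT.ENQUOTE_NAME(r.grantee);
  UPDATE access_request SET revoked_at = SYSTIMESTAMP WHERE request_id = p_id;
  COMMIT;
END;
/

-- Approval step: separation of duties, then schedule the revoke, then grant.
CREATE OR REPLACE PROCEDURE approve_request (p_id IN NUMBER) AS
  r access_request%ROWTYPE;
BEGIN
  SELECT * INTO r FROM access_request
   WHERE request_id = p_id AND approved_by IS NULL FOR UPDATE;
  IF UPPER(r.grantee) = SYS_CONTEXT('USERENV', 'SESSION_USER') THEN
    RAISE_APPLICATION_ERROR(-20001, 'Requester cannot approve their own request');
  END IF;
  UPDATE access_request
     SET approved_by = SYS_CONTEXT('USERENV', 'SESSION_USER'),
         expires_at  = SYSTIMESTAMP + NUMTODSINTERVAL(r.hours, 'HOUR')
   WHERE request_id = p_id
   RETURNING expires_at INTO r.expires_at;
  -- Schedule the revoke first so a grant never exists without its timer.
  DBMS_SCHEDULER.CREATE_JOB(
    job_name   => 'REVOKE_REQ_' || p_id,
    job_type   => 'PLSQL_BLOCK',
    job_action => 'BEGIN revoke_request(' || p_id || '); END;',
    start_date => r.expires_at,
    enabled    => TRUE, auto_drop => TRUE);
  EXECUTE IMMEDIATE 'GRANT UPDATE ON ' || DBMS_ASSERT.SQL_OBJECT_NAME(r.table_name)
                 || ' TO ' || DBMS_ASSERT.ENQUOTE_NAME(r.grantee);
END;
/
```

The access_request rows record who approved each grant and when it was revoked; auditing of the UPDATE statements themselves still has to be enabled separately on the target tables.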