RE: Security/Accounts in an Oracle development environment
- From: "Rich Jesse" <rjoralist@xxxxxxxxxxxxxxxxxxxxx>
- To: paulastankus@xxxxxxxxx, oracle-l@xxxxxxxxxxxxx
- Date: Thu, 27 Dec 2007 16:50:33 -0600 (CST)
Hey Paula,
Since I'm dealing with SQL Server 2K and 2K5 now, I can tell you that
"easier" and "security model" don't necessarily mix, at least from the DBA's
perspective.
Have you thought about creating a proc/package in the app schema to manage
creation of the objects, since the proc would be invoked with owner's
rights? For security, there's still a level of trust you'll need if you
allow creation of procedures by this master procedure (e.g. dev could create
a procedure to grant them full access on any object in that schema), and you
should be able to find a few examples on the web. AUDIT is a good helper
here, too...
Just a suggestion. I used to be in the same boat you're in, but without the
ability to secure the app login password...
GL!
Rich
> Okay,
>
> Version: Oracle 8i - is it better in 10g???
> OS: Solaris
>
> This is driving me crazy and I cannot help thinking that SQL Server
> provides an easier security model.....
>
> In our development environment we set up schemas. Those schemas, of
> course, own all the objects associated with an application in a database.
>
> So, to provide read/write access (i.e. the ability to modify objects in
> that schema) the choices are:
>
> A-give that schema usercode/password (what if multiple developers?????) -
> we appoint an "application dba"
>
> B-give that person the ability to create any table, .... or any of the ***
> any privileges which to me is even worse.
>
> Is there an add-on, another option?
>
> Thanks,
> Paula
--
//www.freelists.org/webpage/oracle-l
Other related posts:
