Re: Using TOAD on production databases

  • From: rstevenson@xxxxxxxxxxxxxx
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Mon, 16 Aug 2004 18:02:54 -0500

The production issue is one of the main reasons we developed our freeware tool 
SchemaSurf (the other requirement being web-based).  Although it doesn't claim 
anywhere near-like the industrial strength that Toad has, it does provide 
developers with read-only access to production data/models.  TOAD is a great 
tool, but with Sarbanes-Oxley, it's critical that appropriate procedures are in 
place (so we can all go break them!) 

SchemaSurf has been installed in more than 50 countries, and we had numerous 
folks at OAUG shows etc tell us that they use TOAD for dev/test and SchemaSurf 
for prod.  Made their management very happy .... and DBA's were able to control 
access via tns/name servers etc. since SchemaSurf doesn't use SQL*Net/Net8.

It's at for anyone interested.


Richard J Stevenson
CobbleSoft International Ltd.
US/Can Toll-Free: 866-380-6716
International: +1 315 548 5810

On Mon, 16 Aug 2004 15:29:28 -0700 (PDT), Raj Jamadagni <rjamya@xxxxxxxxx> 

> There are many words in your first statement that are an security auditor's 
> dream. I bet Pete F.
> is using mapquest to find fastest route to your office right now.
> So, let me get this straight, ON PRODUCTION database you are worried that 
> developers accessing
> SYS/SYSTEM objects so you will block them. Great. But you don't have a 
> problem if they acces
> production data?? Sarbanes-Oxley ... and I think you work for a BIG financial 
> company right?? 
> Developers shouldn't be connecting to production database without a valid 
> reason ... period. And
> no metter which site writes what, the only way to incorporate security is to 
> use TOAD security. 
> RTFM the TOAD stuff, it is all explained there.
> BTW don't give me any roles but grant me 'execute any procedure' and give me 
> 2 minutes, I'll
> probably be able to revoke all your roles ... least I'll grant myself DBA 
> role ...
> Raj
Please see the official ORACLE-L FAQ:
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
Archives are at
FAQ is at

Other related posts: