| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: How to stop access to prod instance ...
Okay ...
We use Windows Terminal servers, so no users or developers can install anything as they all use thin clients. We can restrict privilege to sqlplus.exe so no one can even execute it. When end users log on to applications, they never see a desktop, they directly go to an application. Only project managers and above have laptops but can't install much as they local admin privileges are very restricted.
The main difficulty is in distinguishing how a developer connects to the database. Developer also have Unix accounts, so they connect using local connections and you can't identify if it is using sqlplus.
If I use the "enabling the roles after connect" approach, I am worried about oracle reports, sqr reports, access using db links etc. Also how would one restrict enabling the roles only when connected through FORMS and not otherwise? If I make it a stored package, I can always execute it from sells and then I get all the roles.
I think this discussion will finally yield an answer.
Thank You all for your inputs. I am saving all the replies so I can post a
summary later.
Raj
QOTD: Any clod can have facts, but having an opinion is an art!
*********************************************************************1
This e-mail message is confidential, intended only for the named recipient(s) above and may contain information that is privileged, attorney work product or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify corporate MIS at (860) 766-2000 and delete this e-mail message from your computer, Thank you.
*********************************************************************1
Received on Mon Jan 07 2002 - 07:42:35 CST
 |
 |