Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Using TOAD on production databases

RE: Using TOAD on production databases

From: Raj Jamadagni <rjamya_at_yahoo.com>
Date: Tue, 17 Aug 2004 01:46:46 -0700 (PDT)
Message-ID: <20040817084646.59975.qmail@web50007.mail.yahoo.com> 





Good, once that is cleared up, remember that TOAD obeys all roles and oracle privs. 
 


Raj


"Potluri, Venu (IDS AIS SE)" <venu_potluri_at_ml.com> wrote:
The only system privilege my developers have is create session. PERIOD.
Nobody gets anything else.



We do grant roles that give SELECT access to some tables. We don't grant
any insert, update, delete privileges to any roles.



So, lets say the developer has valid reason to access production data
and has SELECT privilege on some tables, what exactly does TOAD give
this developer above and beyond what I give him as a DBA?






-----Original Message-----


From: oracle-l-bounce_at_freelists.org


[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Raj Jamadagni
Sent: Monday, August 16, 2004 6:29 PM


To: oracle-l_at_freelists.org


Subject: Re: Using TOAD on production databases



There are many words in your first statement that are an security
auditor's dream. I bet Pete F.


is using mapquest to find fastest route to your office right now.



So, let me get this straight, ON PRODUCTION database you are worried
that developers accessing


SYS/SYSTEM objects so you will block them. Great. But you don't have a
problem if they acces


production data?? Sarbanes-Oxley ... and I think you work for a BIG
financial company right??=20



Developers shouldn't be connecting to production database without a
valid reason ... period. And


no metter which site writes what, the only way to incorporate security
is to use TOAD security.=20


RTFM the TOAD stuff, it is all explained there.



BTW don't give me any roles but grant me 'execute any procedure' and
give me 2 minutes, I'll


probably be able to revoke all your roles ... least I'll grant myself
DBA role ...



Raj






> Is there any problem with developers using Quest Software's TOAD on

> production databases? Regardless of the functionality in TOAD, a

> developer shouldn't be able to use the DBA functionality in TOAD,

> correct? We grant roles to developers and those roles never include

any


> privilesges on SYSTEM or SYS owned objects. What made me ask this

> question is a script on www.orafaq.com that shows a way to prevent

> developers from using TOAD on production databases. Any thoughts are

> appreciated.


>=20




> Venu Potluri

> Oracle Financials DBA=20

> --------------------------------------------------------

> =20

> If you are not an intended recipient of this e-mail, please notify the

sender, delete it and do


> not read, act upon, print, disclose, copy, retain or redistribute it.

Click here for important


> additional terms relating to this e-mail.

http://www.ml.com/email_terms/=20


> --------------------------------------------------------

> =20


>=20


> ----------------------------------------------------------------



> Please see the official ORACLE-L FAQ: http://www.orafaq.com

> ----------------------------------------------------------------

> To unsubscribe send email to: oracle-l-request_at_freelists.org

> put 'unsubscribe' in the subject line.

> --

> Archives are at http://www.freelists.org/archives/oracle-l/

> FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html

> -----------------------------------------------------------------

>=20




=3D=3D=3D=3D=3D


Best Regards


Raj




select mandatory_disclaimer from company_requirements;




=09




Do you Yahoo!?


Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail=20




Please see the official ORACLE-L FAQ: http://www.orafaq.com




To unsubscribe send email to: oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.

--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------=20
--------------------------------------------------------
=20
If you are not an intended recipient of this e-mail, please notify the =
sender, delete it and do not read, act upon, print, disclose, copy, =
retain or redistribute it. Click here for important additional terms =
relating to this e-mail. http://www.ml.com/email_terms/=20
--------------------------------------------------------
=20
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Best Regards
Raj
---------------------------------------------------------
select mandatory_disclaimer from company_requirements;
		
---------------------------------
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Received on Tue Aug 17 2004 - 03:42:24 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US