
Re: Read Only User

From: Charlotte Hammond <charlottejanehammond_at_yahoo.com>
Date: Sun, 19 Dec 2004 14:25:59 -0800 (PST)
Message-ID: <20041219222559.43832.qmail@web20706.mail.yahoo.com>


Hi Raj,  

Obviously this would be ideal but is simply not possible in all environments. We have a "packaged" database application which is deployed out to dozens of customer sites, many in the back-end of nowhere around the globe. Often it's a struggle to get 2 tin cans and a piece of string to dial-in at top speed of 2bits/hour, never mind copying it off anywhere. Even if we could, we cannot concurrently host copies of live environments for every production site which might raise a support call - our hardware budget would go ballistic! Add to that contractual restrictions, byzantine bureaucratic requirements for gaining access, and data protection rules and laws of a whole bunch of different companies and governments.  

Sounds like you've got it easy there :-)  

rjamya <rjamya_at_gmail.com> wrote:  

We make two copies of production databases to developers every day. One is specifically meant for application support to debug issues, second one to let developers run their monthly release scripts. Our SA with our help wrote a perl script that takes source and dest database and takes care of _everything_.
This works far better than letting developers into production databases. Of course the refreshes include scrambling sensitive data. Raj

Charlotte Hammond <charlottejanehammond_at_yahoo.com> wrote: Hi John,

Thanks for suggesting FGAC - that hadn't occurred to me, but I guess I could simply set up a policy function along the lines of 'sys_context('USERENV','SESSION_USER') != READONLYUSER' and add it for statement types insert, update and delete on all tables. And then allow a free-for-all on executing the packages.

I guess this is similar in principle to Mark Bobak's suggestion - to allow the PL/SQL access but block any actual DML that is attempted, only using DBMS_RLS instead of triggers. Stephane Faroult is trying to persuade me that the impact using triggers won't be that great - and I'll believe him! - but I'd be comfortable using DBMS_RLS as we had it on another similar system and it didn't have any noticeable performance hit.

Thanks to everyone who responded, all much appreciated!

On Thu, 16 Dec 2004 08:45 , John Shaw sent:

The ever popular fine grain access

[... details snipped ... ]



--
http://www.freelists.org/webpage/oracle-l

Received on Sun Dec 19 2004 - 16:26:21 CST
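
The FGAC approach discussed in this thread, written out as an added example (not code from any of the posters): a DBMS_RLS policy function plus a loop that attaches it to every table for INSERT, UPDATE and DELETE. The schema name APP_OWNER, the account READONLYUSER, and the function and policy names are placeholders assumed for illustration.

```sql
-- Added example; APP_OWNER, READONLYUSER and all object names are placeholders.
-- Policy function: DBMS_RLS passes in the schema and object name and expects
-- a predicate string, which Oracle appends to the statement's WHERE clause.
CREATE OR REPLACE FUNCTION app_owner.block_readonly_dml (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
  -- SESSION_USER is the login user and does not change inside
  -- definer-rights packages, so DML issued by the packages is covered too.
  RETURN 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''READONLYUSER''';
END block_readonly_dml;
/

-- Attach the policy to every table in the application schema
-- (run as a user with EXECUTE on DBMS_RLS).
BEGIN
  FOR t IN (SELECT table_name FROM all_tables WHERE owner = 'APP_OWNER') LOOP
    DBMS_RLS.ADD_POLICY(
      object_schema   => 'APP_OWNER',
      object_name     => t.table_name,
      policy_name     => 'RO_BLOCK_DML',
      function_schema => 'APP_OWNER',
      policy_function => 'BLOCK_READONLY_DML',
      statement_types => 'INSERT,UPDATE,DELETE',
      update_check    => TRUE   -- required for the predicate to apply to INSERT
    );
  END LOOP;
END;
/

-- Verify which tables carry the policy and for which statement types.
SELECT object_name, policy_name, ins, upd, del, chk_option, enable
FROM   dba_policies
WHERE  object_owner = 'APP_OWNER'
AND    policy_name  = 'RO_BLOCK_DML';
```

With this predicate, UPDATE and DELETE statements from READONLYUSER match zero rows rather than raising an error, while INSERT fails the check with ORA-28115. Accounts holding EXEMPT ACCESS POLICY, and SYS, bypass the policy, so review those grants when relying on it.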
