| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Managing developers recommendations
Fred,
Not sure where you are at, but if you are in U.S. and your company is
publicly traded, you need to enact the security changes immediately.
This openness actually will fall under S-Ox auditing. Not only is a bad
thing for the prod db to be that open, but it can also put CEO, CIO into
orange jumpsuits. Again it only applies if you work for a public U.S.
company.
Rodd
Fred Smith wrote:
> Unfortunately that is true, I just started here and my first order of
> business is to attempt to create some order out of this chaos.
> Currently, all developers log in as the same user (the user who owns
> all of the tables/objects of the application). My fear is that if all
> developers use this account with TOAD, they will "accidentally" drop
> important objects left-and-right.
>
> Ideally I want to hold off on releasing TOAD to developers until I can
> lock down the development arena by doing as you said ... creating
> individual developer accounts.
>
> I was just wondering if there is any interim solution such as a
> trimmed-down TOAD version.
>
> (Unfortunately getting every developer to use an individual deverloper
> account is not an overnight process around here, there are dozens of
> cron jobs that run with a hardcoded username/password, etc.) So all
> of those processes will need to be changed so everyone can't just
> login and see the individual accounts.
>
> Thanks for all the tips, you are adding to my arsenal of reasons that
> justify my objective of creating some order around here!!
>
> -Fred S.
-- Rodd Holman Enterprise Data Systems Engineer LodgeNet Entertainment Corporation rodd.holman_at_gmail.com -- http://www.freelists.org/webpage/oracle-lReceived on Thu Oct 13 2005 - 10:02:07 CDT
 |
 |