Hey Raj,
Sounds like a very nice solution and implmentation.
--
Mark J. Bobak
Senior Oracle Architect
ProQuest Information & Learning
Ours is the age that is proud of machines that can think and suspicious
of men who try to. --H. Mumford Jones, 1892-1980
________________________________
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of rjamya
Sent: Wednesday, August 16, 2006 2:11 PM
To: dbvision_at_iinet.net.au
Cc: oracle-l
Subject: Re: Back and a Question
We had that too. So I wrote an (htmldb) application where users go
request acess to production. Their manager may or may not grant it. If
granted, the automated process unlocks account sends the password to the
developer and grants a 2 hour window. 15 minutes before it sends an
automated email telling them the acces will be cut off at set time. At
the end time, it goes in, kills any active sessions, locks the account.
Of course through a db trigger all developer sessions are traced at
level 8. We store these trace files for upto 180 days. This was
documented as a control for SOX, auditors blessed it and we are happy
with it.
Raj
On 8/16/06, Nuno Souto <dbvision_at_iinet.net.au> wrote:
From where I stand, it's exactly like Ryan described:
we got SOx-audited last year and again this year and in both
occasions access to production by developers came up as an
absolute no-no and something we simply cannot allow.
Which I tend to agree with, BTW. ;-)
--
http://www.freelists.org/webpage/oracle-l
Received on Wed Aug 16 2006 - 13:24:42 CDT
