Thanks all ... The problem doesn't end here ... the requirements (loosely specified) are as follows
1. Developers and end users can access production ONLY through FORMS APPLICATION. 2. End users can't get to sqlplus so I am not even worried about that. It is developers that I am worried about. 3. Enabling roles at runtime is an option as long as we are not talking about reports. We use SQR and Oracle reports, a reports agent looks up requests and creates shell files on Unix server which are then scheduled to run. This scheme should work there as well. 4. How about people accessing tables through db links? I don't think there is a 100% proof method, but basically I want to be able to restrict developers accessing the instance except through forms application. Dropping developer's accounts is not an option. I thought over it, discussed it with my senior DBAs and finally I am turning to you guys. All the suggestions are helpful but I'd like to avoid as many loose ends as possible. Thanks in advance Raj ______________________________________________________ Rajendra Jamadagni MIS, ESPN Inc. Rajendra dot Jamadagni at ESPN dot com Any opinion expressed here is personal and doesn't reflect that of ESPN Inc. QOTD: Any clod can have facts, but having an opinion is an art!
*********************************************************************1 This e-mail message is confidential, intended only for the named recipient(s) above and may contain information that is privileged, attorney work product or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify corporate MIS at (860) 766-2000 and delete this e-mail message from your computer, Thank you. *********************************************************************1
