In our shop, the APPS DBA runs traces as APPS. No one outside of the DBA group has the APPS password. We use Discoverer and Noetix Views for those users who have to look into the database outside of the application. Each user logs in as himself; the DBAs have created roles by business unit and the appropriate roles are granted to individual users. They then user Discoverer, ADI or Noetix Views to look at the data.
Developers are able to access development using SQL*Plus or Rapid SQL (name your product), logging onto our customization accounts or their individual IDs. They are not allowed to log on to the Oracle application schemas directly, for instance, GL, or APPS or FA; these are password protected. Again, we grant roles to developers and the customization accounts, which give them the proper privileges on the Oracle tables. In QA and Production, the customization accounts are password protected, so the developers have no insert, update, delete capability in those environments.
You need to spend some time thinking out a strategy that will allow your developers and end users limited access to the Applications database outside the App itself. Your company will probably have to buy some software, like Noetix Views, or install and user Discoverer. This is not something you can do in a day or two; but in order to protect the integrity of your database you need to have some controls.
Vicki Pierce
Database Administration
x2401
| April Wells <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 10/15/2003 08:39 AM
|
|
Okay, anyone using Financials... E-Business suite... Oracle 11i... whatever you want to call it...
I am trying to apply SOME kind of security to my databases. It appears that it is critical for everyone to be able to access production using the APPS id.... Finance and accounting people, developers, everyone. What does everyone else do in their setups? The newest reason is the need to run the new Mass Additions Trace which apparently requires that you use the apps id. We have found a way to set up any user with a read only version of what APPS has (since they have to be able to compile reports in production and access production data live rather than a month old clone), but Oracle says that you need to run Mass Additions Trace as apps.
Does anyone let the entire company have the production apps user's password?
April Wells
Oracle DBA/Oracle Apps DBA
Corporate Systems
Amarillo Texas
/\
/ \
/ \
\ /
\/
>\<
\
>\<
\
Few people really enjoy the simple pleasure of flying a kite
Adam Wells age 11
| The information contained
in this communication, including attachments, is strictly confidential and for the intended use of the addressee only; it may also contain proprietary, price sensitive, or legally privileged information. Notice is hereby given that any disclosure, distribution, dissemination, use, or copying of the information by anyone other than the intended recipient is strictly prohibited and may be illegal. If you have received this communication in error, please notify the sender immediately by reply e-mail, delete this communication, and destroy all copies. Corporate Systems, Inc. has taken reasonable precautions to ensure that any attachment to this e-mail has been swept for viruses. We specifically disclaim all liability and will accept no responsibility for any damage sustained as a result of software viruses and advise you to carry out your own virus checks before opening any attachment. |
