Protecting schema changes

Title: Protecting schema changes In a n-tier system that connects to the database with JDBC, how does a DBA keep developers from modifying the application schema without the DBA's consent or knowledge in a centralized development environment? The developers can have their own personal

RE: Protecting schema changes

Following is one approach that I had implemented... (oracle 8i and up). The credit goes to Joe Testa for posting it 3 years ago :) - Kirti On Thu, 6 Jan 2000, Joseph Testa wrote: Why would you want to do that, well, i'm at a place where the developers have the schema owner password

RE: Protecting schema changes

Title: Message Revoke the create table privileges. -Original Message-From: Webber Valerie H [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 11:50 AMTo: Multiple recipients of list ORACLE-LSubject: Protecting schema changes In a n-tier system that connects

RE: Protecting schema changes

Val, One option is to provide access via an account that is not the owner of these objects but has all required DML privs but not DDL privs. If you cannot do this, you could always code in a Database level trigger for DDL and rap the Developer's knuckles when they do something out of turn. We

RE: Protecting schema changes

Valerie - Here is what I've been doing. Say the application uses SCHEMA_A. Create schema SCHEMA_B and create all objects in that schema. Grant select, insert, delete, update access for all objects to SCHEMA_A. In SCHEMA_A, create synonyms to point to the objects in SCHEMA_B. Only give the

RE: Protecting schema changes

Title: Protecting schema changes Val, 1). Create a role. Grant select, insert, update and delete of all the tables, views, sequences, procedures, packages and functions used by the application to this role. 2). create public synonyms for the objects in the application synonym. 3). create

RE: Protecting schema changes

Title: Protecting schema changes Super! Is it okay to grant 'select any table' or should it be object specific? I'd think object specific would be more secure. Thanks for your help and have a nice weekend too! Val -Original Message-From: Mercadante, Thomas F [mailto:[EMAIL

RE: Protecting schema changes

Title: Protecting schema changes Seperate the object owner from the account which they use to connect. So they would connect through an account that doesn't actually own any objects but just have enough privilege to access them. -Original Message-From: Webber Valerie H [mailto

Re: Protecting schema changes

We faced a similar problem. We use change control to help manage this. The developers have the schema password in development , but not in UAT (Certification) or Production. We create a run-time userid for their application to use rather than logging in as the schema owner. The run-time userid

Re: Protecting schema changes

or allow modification to the data only through stored procedures . compile stored procedures in to another schema ( having dmp rites ) . Give execute privilage to the gateway schema . - Original Message - To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED] Sent: Friday, January