Yes, what you describe does work. However, when the person you don't trust is another DBA (Can we think of another name considering this guy is a DBA? Doom Big Ash-Hole?), it's another story.
Lisa Koivu Oracle Database Administrator Fairfield Resorts, Inc. 5259 Coconut Creek Parkway Ft. Lauderdale, FL, USA 33063 > -----Original Message----- > From: Yechiel Adar [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, May 02, 2002 3:49 PM > To: Multiple recipients of list ORACLE-L > Subject: Re: ERD generation tool - Active SCM > > Well Keith > > Our solution to the <Doom Phoc (and their siblings)> is: > > Do not grant they rights to do any DDL either in test nor in prod. > > The dab stuff does all the DDL work. > Sure it is an added chore, but after tracking down, a few times, tables > that > were dropped > inadvertently by users (their tool did it by itself) we now use the > following policy: > > Every application has two user id's: > Owner, with password known only to the DBA group. > User with rights for select, insert, update, delete ONLY. > > It works. > > Yechiel Adar > Mehish > > ----- Original Message ----- > To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> > Sent: Thursday, May 02, 2002 7:54 PM > > > > Lisa, > > There is only so much you can control via a model, > > since it remains a process away from the DB, and > > cannot be enforced via privileges, etc. So, we are > > always in the hands of Dom Phoc (and their siblings), > > who can do "stuff" even in the production database > > with SQLPLus/TOAD/... Under this schenario, do you > > sleep well at night? > > > > So, we said lets work with our Dom Phoc's. On > > production databases, we will STRIP them off of the > > Oracle database passwords. No password, no change. > > ENFORCED! Now, I can sleep well at night. > > > > How? Not via models. Via a solution involving the > > following, and it seems to be working for us well: > > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > > White Paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > Take charge of the "Dom Phocs" in your org! > > > > Keith > > > > > > > > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > > > > > > > Well, for one thing, if your developer, Dom Phoc, > > starts changing crap > > in > > your database (as has happened to me in the past) a > > compare to the dev > > model > > would be great because my development changes would be > > in the model, > > not in > > the test or production databases. In that specific > > case I had to TRUST > > him > > (what? trust him after what he just did?) to change > > everything back, > > or > > restore from a backup, which would have been very time > > consuming. > > > > I was one large ball of raging hormones that day and I > > took it all out > > on > > him. We don't work on the same projects anymore. > > > > Lisa Koivu > > Oracle Database Administrator > > Fairfield Resorts, Inc. > > 5259 Coconut Creek Parkway > > Ft. Lauderdale, FL, USA 33063 > > > > > > > -----Original Message----- > > > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > > > Sent: Wednesday, May 01, 2002 5:50 PM > > > To: Multiple recipients of list ORACLE-L > > > Subject: RE: ERD generation tool - Active > > Comparisons > > > > > > Am I speaking to the wind .... > > > > > > For Compares, why would you compare the MODEL with > > the > > > DATABASE...like going from US to London via Tokyo... > > > ... and you get to pay more, like... you pay not for > > > distance, but for "time in the air"... If a tool > > takes > > > longer to do something, makes more mistakes, is > > bumpy > > > and complex... you get to pay more. > > > > > > For compares, someone tell me what beats > > > ActiveCompare: > > > http://www.iraje.com/compare-diff.htm > > > > > > http://www.iraje.com/ActiveCompare_viewlet.html > > > > > > > > > ...and I will switch my tool. > > > > > > Keith > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Health - your guide to health and wellness > > http://health.yahoo.com > > -- > > Please see the official ORACLE-L FAQ: http://www.orafaq.com > > -- > > Author: Keith Peterson > > INET: [EMAIL PROTECTED] > > > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > > San Diego, California -- Public Internet access / Mailing Lists > > -------------------------------------------------------------------- > > To REMOVE yourself from this mailing list, send an E-Mail message > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > the message BODY, include a line containing: UNSUB ORACLE-L > > (or the name of mailing list you want to be removed from). You may > > also send the HELP command for other information (like subscribing). > > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Yechiel Adar > INET: [EMAIL PROTECTED] > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California -- Public Internet access / Mailing Lists > -------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Koivu, Lisa INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).