RE: ERD generation tool - Active SCM
via ActiveDesigner/ActiveChangeManager...just click on icon privileges and grant "truncate" only ref: http://www.iraje.com/acc_changemanagermain.htm Keith Date: Mon, 06 May 2002 18:28:25 -0800 To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Reply-to: [EMAIL PROTECTED] Organization: Fat City Network Services, San Diego, California Hey, how do you give that truncate only privilege -Original Message- Peterson Sent: Monday, May 06, 2002 8:54 AM To: Multiple recipients of list ORACLE-L this is exactly my point. It would have been better to give your developer "truncate" only privileges, and that too only on a few tables... but NEVER the Oracle schema owner password! NEVER. But, you too gave it away! you too Brutus! Even though you are quite averse to doing so. Think about it, this happens everyday. Whether you like it or not, you have MASTER, TEST, PRODUCTION, DEVELOPMENT, STAGING... instances, and your schema passwords are floating around, and you have no control. And, you promise that you will never give the schema password out ever again, but you know you will... you will be forced to... your director will make you... and if you fight it any win, your developer productivity will be seriously compromised. You need to have a means of giving the schema access without giving away the full house. And the solution is NOT via a read-only user. A read-only user is useless. You cannot do any serious work in a read only user. Been there done that. Giving Oracle privileges, to users, as a case-by-case request, is IMPOSSIBLE for you to manage, UNREASONABLE and NOT FEASIBLE. Anyway, NEVER give the ORACLE PASSWORD away. Only encrypted access. And, let Dom Phoc work right in the owner schema. There will be no problem, if you can GUARANTEE limited access, full audits on everything Dom does via this access, including select statements. Dom Phoc will not be viewing the Salaries, and Credit Card numbers now... not if its being audited. At the expense of sounding like a sales person, let me point this out again for the benefit of the group: And, you certainly need to look at it: http://www.iraje.com/docs/ActiveSecureDesigner.htm I will find forward you some more info. Keith Date: Sun, 05 May 2002 03:48:18 -0800 To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Reply-to: [EMAIL PROTECTED] Organization: Fat City Network Services, San Diego, California Well , just to keep things jumping. Last week I deviated from our rule and gave a responsible user that needed truncate on tables the password for the owner of the schema. Guess what? Today he comes to me to recreate 2 tables that he dropped. Go figure. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Friday, May 03, 2002 5:53 PM > Yechiel, > Yes, I have been there, done that, over and over... > But then, there is a "Toyota Corolla" solution and > maybe a "Ferrari Testarosa" solution. > > If we can control "Dom Phoc" without tieing his hands > behind the back, wouldn't that would be the best: > white paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > Keith > > > Date: Thu, 02 May 2002 11:48:38 -0800 > To: "Multiple recipients of list ORACLE-L" > <[EMAIL PROTECTED]> > Reply-to: [EMAIL PROTECTED] > Organization: Fat City Network Services, San Diego, > California > > > > Well Keith > > Our solution to the > is: > > Do not grant they rights to do any DDL either in test > nor in prod. > > The dab stuff does all the DDL work. > Sure it is an added chore, but after tracking down, a > few times, tables > that > were dropped > inadvertently by users (their tool did it by itself) > we now use the > following policy: > > Every application has two user id's: > Owner, with password known only to the DBA group. > User with rights for select, insert, update, delete > ONLY. > > It works. > > Yechiel Adar > Mehish > > - Original Message - > To: Multiple recipients of list ORACLE-L > <[EMAIL PROTECTED]> > Sent: Thursday, May 02, 2002 7:54 PM > > > > Lisa, > > There is only so much you can control via a model, > > since it remains a process away from the DB, and > > cannot be enforced via privileges, etc. So, we are > > always in the hands of Dom Phoc (and their > siblings), > > who can do "stuff" even in the production database > > with SQLPLus/TOAD/... Under this schenario, do you > > sleep well at night? > > > > So, we said lets work with our Dom Phoc's. On > > production databases, we will STRIP them off of the > > Oracle database passwords. No password, no change. > > ENFORCED! Now, I can sleep well at night. > > > > How? Not via models. Via a solution involving the > > following, and it seems to be working for us well: > > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > > White Paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > Take charge o
Re: ERD generation tool - Active SCM
Sorry to disappoint you all. I gave him the password so he can connect as the owner and then he can do truncate. I scanned the list later and found the discussion on the subject and I am going to replace that with a procedure that he will be granted execute. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Tuesday, May 07, 2002 2:38 PM I thought that there was a way via schema level triggers? I vaguely remember discussion on this last year > -Original Message- > From: [EMAIL PROTECTED]@SUNGARD On Behalf Of "Kimberly Smith" <[EMAIL PROTECTED]> > Sent: Monday, May 06, 2002 10:28 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: ERD generation tool - Active SCM > > Hey, how do you give that truncate only privilege > > > -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Yechiel Adar INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: ERD generation tool - Active SCM
Hello Kieth you wrote: It would have been better to give your developer "truncate" only privileges, You mean: grant truncate on owner.table to user. No such grant. The closest I could find is: Create procedure that truncate the table as the owner and grant execute on the procedure to the user. Any better ideas? BTW - I did not wrote that he dropped the tables using some developing tool called magic because he forgot to switch back to the regular user after the truncate. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Monday, May 06, 2002 5:53 PM > this is exactly my point. > > It would have been better to give your developer > "truncate" only privileges, and that too only on a few > tables... but NEVER the Oracle schema owner password! > NEVER. > > But, you too gave it away! you too Brutus! Even > though you are quite averse to doing so. > > Think about it, this happens everyday. Whether you > like it or not, you have MASTER, TEST, PRODUCTION, > DEVELOPMENT, STAGING... instances, and your schema > passwords are floating around, and you have no > control. And, you promise that you will never give > the schema password out ever again, but you know you > will... you will be forced to... your director will > make you... and if you fight it any win, your > developer productivity will be seriously compromised. > > You need to have a means of giving the schema access > without giving away the full house. And the solution > is NOT via a read-only user. A read-only user is > useless. You cannot do any serious work in a read > only user. Been there done that. Giving Oracle > privileges, to users, as a case-by-case request, is > IMPOSSIBLE for you to manage, UNREASONABLE and NOT > FEASIBLE. > > Anyway, NEVER give the ORACLE PASSWORD away. Only > encrypted access. And, let Dom Phoc work right in the > owner schema. There will be no problem, if you can > GUARANTEE limited access, full audits on everything > Dom does via this access, including select statements. > Dom Phoc will not be viewing the Salaries, and Credit > Card numbers now... not if its being audited. > > At the expense of sounding like a sales person, let me > point this out again for the benefit of the group: > And, you certainly need to look at it: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > I will find forward you some more info. > > Keith > > > > Date: Sun, 05 May 2002 03:48:18 -0800 > To: "Multiple recipients of list ORACLE-L" > <[EMAIL PROTECTED]> > Reply-to: [EMAIL PROTECTED] > Organization: Fat City Network Services, San Diego, > California > > > Well , just to keep things jumping. > > Last week I deviated from our rule and gave a > responsible user > that needed truncate on tables the password for the > owner of the > schema. > > Guess what? Today he comes to me to recreate 2 tables > that he dropped. > > Go figure. > > Yechiel Adar > Mehish > > - Original Message - > To: Multiple recipients of list ORACLE-L > <[EMAIL PROTECTED]> > Sent: Friday, May 03, 2002 5:53 PM > > > > Yechiel, > > Yes, I have been there, done that, over and over... > > But then, there is a "Toyota Corolla" solution and > > maybe a "Ferrari Testarosa" solution. > > > > If we can control "Dom Phoc" without tieing his > hands > > behind the back, wouldn't that would be the best: > > white paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > > > Keith > > > > > > Date: Thu, 02 May 2002 11:48:38 -0800 > > To: "Multiple recipients of list ORACLE-L" > > <[EMAIL PROTECTED]> > > Reply-to: [EMAIL PROTECTED] > > Organization: Fat City Network Services, San Diego, > > California > > > > > > > > Well Keith > > > > Our solution to the > > is: > > > > Do not grant they rights to do any DDL either in > test > > nor in prod. > > > > The dab stuff does all the DDL work. > > Sure it is an added chore, but after tracking down, > a > > few times, tables > > that > > were dropped > > inadvertently by users (their tool did it by itself) > > we now use the > > following policy: > > > > Every application has two user id's: > > Owner, with password known only to the DBA group. > > User with rights for select, insert, update, delete > > ONLY. > > > > It works. > > > > Yechiel Adar > > Mehish > > > > - Original Message - > > To: Multiple recipients of list ORACLE-L > > <[EMAIL PROTECTED]> > > Sent: Thursday, May 02, 2002 7:54 PM > > > > > > > Lisa, > > > There is only so much you can control via a model, > > > since it remains a process away from the DB, and > > > cannot be enforced via privileges, etc. So, we > are > > > always in the hands of Dom Phoc (and their > > siblings), > > > who can do "stuff" even in the production database > > > with SQLPLus/TOAD/... Under this schenario, do > you > > > sleep well at night? > > > > > > So, we said lets work with our Dom Phoc's. On > > > production databases, we will STRIP them off of > the > > > Oracle database passwords.
RE: ERD generation tool - Active SCM
I thought that there was a way via schema level triggers? I vaguely remember discussion on this last year > -Original Message- > From: [EMAIL PROTECTED]@SUNGARD On Behalf Of "Kimberly Smith" ><[EMAIL PROTECTED]> > Sent: Monday, May 06, 2002 10:28 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: ERD generation tool - Active SCM > > Hey, how do you give that truncate only privilege > > > -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: ERD generation tool - Active SCM
Hey, how do you give that truncate only privilege -Original Message- Peterson Sent: Monday, May 06, 2002 8:54 AM To: Multiple recipients of list ORACLE-L this is exactly my point. It would have been better to give your developer "truncate" only privileges, and that too only on a few tables... but NEVER the Oracle schema owner password! NEVER. But, you too gave it away! you too Brutus! Even though you are quite averse to doing so. Think about it, this happens everyday. Whether you like it or not, you have MASTER, TEST, PRODUCTION, DEVELOPMENT, STAGING... instances, and your schema passwords are floating around, and you have no control. And, you promise that you will never give the schema password out ever again, but you know you will... you will be forced to... your director will make you... and if you fight it any win, your developer productivity will be seriously compromised. You need to have a means of giving the schema access without giving away the full house. And the solution is NOT via a read-only user. A read-only user is useless. You cannot do any serious work in a read only user. Been there done that. Giving Oracle privileges, to users, as a case-by-case request, is IMPOSSIBLE for you to manage, UNREASONABLE and NOT FEASIBLE. Anyway, NEVER give the ORACLE PASSWORD away. Only encrypted access. And, let Dom Phoc work right in the owner schema. There will be no problem, if you can GUARANTEE limited access, full audits on everything Dom does via this access, including select statements. Dom Phoc will not be viewing the Salaries, and Credit Card numbers now... not if its being audited. At the expense of sounding like a sales person, let me point this out again for the benefit of the group: And, you certainly need to look at it: http://www.iraje.com/docs/ActiveSecureDesigner.htm I will find forward you some more info. Keith Date: Sun, 05 May 2002 03:48:18 -0800 To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Reply-to: [EMAIL PROTECTED] Organization: Fat City Network Services, San Diego, California Well , just to keep things jumping. Last week I deviated from our rule and gave a responsible user that needed truncate on tables the password for the owner of the schema. Guess what? Today he comes to me to recreate 2 tables that he dropped. Go figure. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Friday, May 03, 2002 5:53 PM > Yechiel, > Yes, I have been there, done that, over and over... > But then, there is a "Toyota Corolla" solution and > maybe a "Ferrari Testarosa" solution. > > If we can control "Dom Phoc" without tieing his hands > behind the back, wouldn't that would be the best: > white paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > Keith > > > Date: Thu, 02 May 2002 11:48:38 -0800 > To: "Multiple recipients of list ORACLE-L" > <[EMAIL PROTECTED]> > Reply-to: [EMAIL PROTECTED] > Organization: Fat City Network Services, San Diego, > California > > > > Well Keith > > Our solution to the > is: > > Do not grant they rights to do any DDL either in test > nor in prod. > > The dab stuff does all the DDL work. > Sure it is an added chore, but after tracking down, a > few times, tables > that > were dropped > inadvertently by users (their tool did it by itself) > we now use the > following policy: > > Every application has two user id's: > Owner, with password known only to the DBA group. > User with rights for select, insert, update, delete > ONLY. > > It works. > > Yechiel Adar > Mehish > > - Original Message - > To: Multiple recipients of list ORACLE-L > <[EMAIL PROTECTED]> > Sent: Thursday, May 02, 2002 7:54 PM > > > > Lisa, > > There is only so much you can control via a model, > > since it remains a process away from the DB, and > > cannot be enforced via privileges, etc. So, we are > > always in the hands of Dom Phoc (and their > siblings), > > who can do "stuff" even in the production database > > with SQLPLus/TOAD/... Under this schenario, do you > > sleep well at night? > > > > So, we said lets work with our Dom Phoc's. On > > production databases, we will STRIP them off of the > > Oracle database passwords. No password, no change. > > ENFORCED! Now, I can sleep well at night. > > > > How? Not via models. Via a solution involving the > > following, and it seems to be working for us well: > > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > > White Paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > Take charge of the "Dom Phocs" in your org! > > > > Keith > > > > > > > > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > > > > > > > Well, for one thing, if your developer, Dom Phoc, > > starts changing crap > > in > > your database (as has happened to me in the past)
Re: ERD generation tool - Active SCM
Yechiel, How did you give a "responsible person" the ability to truncate a table without granting "delete any table". Very dangerious. There was a long dicsussion on the list a while ago that displayed the dangers of such a grant. I think it was followed up with an "update your resume" statement. Ron ROR mª¿ªm -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Ron Rogers INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: ERD generation tool - Active SCM
this is exactly my point. It would have been better to give your developer "truncate" only privileges, and that too only on a few tables... but NEVER the Oracle schema owner password! NEVER. But, you too gave it away! you too Brutus! Even though you are quite averse to doing so. Think about it, this happens everyday. Whether you like it or not, you have MASTER, TEST, PRODUCTION, DEVELOPMENT, STAGING... instances, and your schema passwords are floating around, and you have no control. And, you promise that you will never give the schema password out ever again, but you know you will... you will be forced to... your director will make you... and if you fight it any win, your developer productivity will be seriously compromised. You need to have a means of giving the schema access without giving away the full house. And the solution is NOT via a read-only user. A read-only user is useless. You cannot do any serious work in a read only user. Been there done that. Giving Oracle privileges, to users, as a case-by-case request, is IMPOSSIBLE for you to manage, UNREASONABLE and NOT FEASIBLE. Anyway, NEVER give the ORACLE PASSWORD away. Only encrypted access. And, let Dom Phoc work right in the owner schema. There will be no problem, if you can GUARANTEE limited access, full audits on everything Dom does via this access, including select statements. Dom Phoc will not be viewing the Salaries, and Credit Card numbers now... not if its being audited. At the expense of sounding like a sales person, let me point this out again for the benefit of the group: And, you certainly need to look at it: http://www.iraje.com/docs/ActiveSecureDesigner.htm I will find forward you some more info. Keith Date: Sun, 05 May 2002 03:48:18 -0800 To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Reply-to: [EMAIL PROTECTED] Organization: Fat City Network Services, San Diego, California Well , just to keep things jumping. Last week I deviated from our rule and gave a responsible user that needed truncate on tables the password for the owner of the schema. Guess what? Today he comes to me to recreate 2 tables that he dropped. Go figure. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Friday, May 03, 2002 5:53 PM > Yechiel, > Yes, I have been there, done that, over and over... > But then, there is a "Toyota Corolla" solution and > maybe a "Ferrari Testarosa" solution. > > If we can control "Dom Phoc" without tieing his hands > behind the back, wouldn't that would be the best: > white paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > Keith > > > Date: Thu, 02 May 2002 11:48:38 -0800 > To: "Multiple recipients of list ORACLE-L" > <[EMAIL PROTECTED]> > Reply-to: [EMAIL PROTECTED] > Organization: Fat City Network Services, San Diego, > California > > > > Well Keith > > Our solution to the > is: > > Do not grant they rights to do any DDL either in test > nor in prod. > > The dab stuff does all the DDL work. > Sure it is an added chore, but after tracking down, a > few times, tables > that > were dropped > inadvertently by users (their tool did it by itself) > we now use the > following policy: > > Every application has two user id's: > Owner, with password known only to the DBA group. > User with rights for select, insert, update, delete > ONLY. > > It works. > > Yechiel Adar > Mehish > > - Original Message - > To: Multiple recipients of list ORACLE-L > <[EMAIL PROTECTED]> > Sent: Thursday, May 02, 2002 7:54 PM > > > > Lisa, > > There is only so much you can control via a model, > > since it remains a process away from the DB, and > > cannot be enforced via privileges, etc. So, we are > > always in the hands of Dom Phoc (and their > siblings), > > who can do "stuff" even in the production database > > with SQLPLus/TOAD/... Under this schenario, do you > > sleep well at night? > > > > So, we said lets work with our Dom Phoc's. On > > production databases, we will STRIP them off of the > > Oracle database passwords. No password, no change. > > ENFORCED! Now, I can sleep well at night. > > > > How? Not via models. Via a solution involving the > > following, and it seems to be working for us well: > > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > > White Paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > Take charge of the "Dom Phocs" in your org! > > > > Keith > > > > > > > > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > > > > > > > Well, for one thing, if your developer, Dom Phoc, > > starts changing crap > > in > > your database (as has happened to me in the past) a > > compare to the dev > > model > > would be great because my development changes would > be > > in the model, > > not in > > the test or production databases. In that
Re: ERD generation tool - Active SCM
Yechiel, here is additional information: white paper: http://www.iraje.com/docs/ActiveSecureDesigner.htm WEBCAMS (4-6 mins) and screenshots: ActiveChangeManager: http://www.iraje.com/ActiveChangeManager_viewlet.html http://www.iraje.com/acommanbig.htm ActiveCompare: http://www.iraje.com/ActiveCompare_viewlet.html http://www.iraje.com/acomparebig.htm ActiveDesigner: http://www.iraje.com/ActiveDesigner_viewlet.html http://www.iraje.com/adbig.htm Active+: http://www.iraje.com/active_main.htm Keith Date: Sun, 05 May 2002 03:48:18 -0800 To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Reply-to: [EMAIL PROTECTED] Organization: Fat City Network Services, San Diego, California Well , just to keep things jumping. Last week I deviated from our rule and gave a responsible user that needed truncate on tables the password for the owner of the schema. Guess what? Today he comes to me to recreate 2 tables that he dropped. Go figure. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Friday, May 03, 2002 5:53 PM > Yechiel, > Yes, I have been there, done that, over and over... > But then, there is a "Toyota Corolla" solution and > maybe a "Ferrari Testarosa" solution. > > If we can control "Dom Phoc" without tieing his hands > behind the back, wouldn't that would be the best: > white paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > Keith __ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Keith Peterson INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: ERD generation tool - Active SCM
Sorry Yeichel... I had to laugh! I've been on both sides of this situation. I hope you showed him where his a$$ is for the next time he can't find it with his own two hands. :) and developers wonder why they have been termed duh-veloper and Dom Phoc. That's why every time someone gets upset with me and wants the schema password, I say something to the effect of "It's my job to recover it if something goes wrong. I don't have 24 hours to complete the recovery, and neither do you. No Freaking Way, Mr. CIO." (this has actually happened, it turned into quite an unpleasant discussion). Fire me if you want to. It's a lovely spring morning in Florida and there is a mockingbird serenading me.. Wow. Lisa Koivu Oracle Database Monkey Mama Fairfield Resorts, Inc. 5259 Coconut Creek Parkway Ft. Lauderdale, FL, USA 33063 > -Original Message- > From: Yechiel Adar [SMTP:[EMAIL PROTECTED]] > Sent: Sunday, May 05, 2002 7:48 AM > To: Multiple recipients of list ORACLE-L > Subject: Re: ERD generation tool - Active SCM > > Well , just to keep things jumping. > > Last week I deviated from our rule and gave a responsible user > that needed truncate on tables the password for the owner of the schema. > > Guess what? Today he comes to me to recreate 2 tables that he dropped. > > Go figure. > > Yechiel Adar > Mehish > > - Original Message - > To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> > Sent: Friday, May 03, 2002 5:53 PM > > > > Yechiel, > > Yes, I have been there, done that, over and over... > > But then, there is a "Toyota Corolla" solution and > > maybe a "Ferrari Testarosa" solution. > > > > If we can control "Dom Phoc" without tieing his hands > > behind the back, wouldn't that would be the best: > > white paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > > > Keith > > > > > > Date: Thu, 02 May 2002 11:48:38 -0800 > > To: "Multiple recipients of list ORACLE-L" > > <[EMAIL PROTECTED]> > > Reply-to: [EMAIL PROTECTED] > > Organization: Fat City Network Services, San Diego, > > California > > > > > > > > Well Keith > > > > Our solution to the > > is: > > > > Do not grant they rights to do any DDL either in test > > nor in prod. > > > > The dab stuff does all the DDL work. > > Sure it is an added chore, but after tracking down, a > > few times, tables > > that > > were dropped > > inadvertently by users (their tool did it by itself) > > we now use the > > following policy: > > > > Every application has two user id's: > > Owner, with password known only to the DBA group. > > User with rights for select, insert, update, delete > > ONLY. > > > > It works. > > > > Yechiel Adar > > Mehish > > > > - Original Message - > > To: Multiple recipients of list ORACLE-L > > <[EMAIL PROTECTED]> > > Sent: Thursday, May 02, 2002 7:54 PM > > > > > > > Lisa, > > > There is only so much you can control via a model, > > > since it remains a process away from the DB, and > > > cannot be enforced via privileges, etc. So, we are > > > always in the hands of Dom Phoc (and their > > siblings), > > > who can do "stuff" even in the production database > > > with SQLPLus/TOAD/... Under this schenario, do you > > > sleep well at night? > > > > > > So, we said lets work with our Dom Phoc's. On > > > production databases, we will STRIP them off of the > > > Oracle database passwords. No password, no change. > > > ENFORCED! Now, I can sleep well at night. > > > > > > How? Not via models. Via a solution involving the > > > following, and it seems to be working for us well: > > > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > > > White Paper: > > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > > > Take charge of the "Dom Phocs" in your org! > > > > > > Keith > > > > > > > > > > > > > > > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > > > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > > > > > > > > > > > > > Well, for one thing, if
Re: ERD generation tool - Active SCM
Well , just to keep things jumping. Last week I deviated from our rule and gave a responsible user that needed truncate on tables the password for the owner of the schema. Guess what? Today he comes to me to recreate 2 tables that he dropped. Go figure. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Friday, May 03, 2002 5:53 PM > Yechiel, > Yes, I have been there, done that, over and over... > But then, there is a "Toyota Corolla" solution and > maybe a "Ferrari Testarosa" solution. > > If we can control "Dom Phoc" without tieing his hands > behind the back, wouldn't that would be the best: > white paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > Keith > > > Date: Thu, 02 May 2002 11:48:38 -0800 > To: "Multiple recipients of list ORACLE-L" > <[EMAIL PROTECTED]> > Reply-to: [EMAIL PROTECTED] > Organization: Fat City Network Services, San Diego, > California > > > > Well Keith > > Our solution to the > is: > > Do not grant they rights to do any DDL either in test > nor in prod. > > The dab stuff does all the DDL work. > Sure it is an added chore, but after tracking down, a > few times, tables > that > were dropped > inadvertently by users (their tool did it by itself) > we now use the > following policy: > > Every application has two user id's: > Owner, with password known only to the DBA group. > User with rights for select, insert, update, delete > ONLY. > > It works. > > Yechiel Adar > Mehish > > - Original Message - > To: Multiple recipients of list ORACLE-L > <[EMAIL PROTECTED]> > Sent: Thursday, May 02, 2002 7:54 PM > > > > Lisa, > > There is only so much you can control via a model, > > since it remains a process away from the DB, and > > cannot be enforced via privileges, etc. So, we are > > always in the hands of Dom Phoc (and their > siblings), > > who can do "stuff" even in the production database > > with SQLPLus/TOAD/... Under this schenario, do you > > sleep well at night? > > > > So, we said lets work with our Dom Phoc's. On > > production databases, we will STRIP them off of the > > Oracle database passwords. No password, no change. > > ENFORCED! Now, I can sleep well at night. > > > > How? Not via models. Via a solution involving the > > following, and it seems to be working for us well: > > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > > White Paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > Take charge of the "Dom Phocs" in your org! > > > > Keith > > > > > > > > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > > > > > > > Well, for one thing, if your developer, Dom Phoc, > > starts changing crap > > in > > your database (as has happened to me in the past) a > > compare to the dev > > model > > would be great because my development changes would > be > > in the model, > > not in > > the test or production databases. In that specific > > case I had to TRUST > > him > > (what? trust him after what he just did?) to change > > everything back, > > or > > restore from a backup, which would have been very > time > > consuming. > > > > I was one large ball of raging hormones that day and > I > > took it all out > > on > > him. We don't work on the same projects anymore. > > > > Lisa Koivu > > Oracle Database Administrator > > Fairfield Resorts, Inc. > > 5259 Coconut Creek Parkway > > Ft. Lauderdale, FL, USA 33063 > > > > > > > -Original Message- > > > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > > > Sent: Wednesday, May 01, 2002 5:50 PM > > > To: Multiple recipients of list ORACLE-L > > > Subject: RE: ERD generation tool - Active > > Comparisons > > > > > > Am I speaking to the wind > > > > > > For Compares, why would you compare the MODEL with > > the > > > DATABASE...like going from US to London via > Tokyo... > > > ... and you get to pay more, like... you pay not > for > > > distance, but for "time in the air"... If a tool > > takes > > > longer to do something, makes more mistakes, is > > bumpy > > > and complex... you get to pay more. > > > > > > For compares, someone tell me what beats > > > ActiveCompare: > > > http://www.iraje.com/compare-diff.htm > > > > > > http://www.iraje.com/ActiveCompare_viewlet.html > > > > > > > > > ...and I will switch my tool. > > > > > > Keith > > > > > __ > Do You Yahoo!? > Yahoo! Health - your guide to health and wellness > http://health.yahoo.com > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Keith Peterson > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list,
RE: ERD generation tool - Active SCM
Keith, Just curious, do you have any affiliation with Iraje or are you just a big fan of their products? Sure have been a lot of postings from you this past week on this list, and other Oracle related lists, touting their products ;-) Sounds like you really like their tools. Just wondering if we have another "sales critter" on board ;-) Regards, Larry G. Elkins [EMAIL PROTECTED] 214.954.1781 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Keith > Peterson > Sent: Friday, May 03, 2002 10:54 AM > To: Multiple recipients of list ORACLE-L > Subject: Re: ERD generation tool - Active SCM > > > Yechiel, > Yes, I have been there, done that, over and over... > But then, there is a "Toyota Corolla" solution and > maybe a "Ferrari Testarosa" solution. > > If we can control "Dom Phoc" without tieing his hands > behind the back, wouldn't that would be the best: > white paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > Keith > > > Date: Thu, 02 May 2002 11:48:38 -0800 > To: "Multiple recipients of list ORACLE-L" > <[EMAIL PROTECTED]> > Reply-to: [EMAIL PROTECTED] > Organization: Fat City Network Services, San Diego, > California > > > > Well Keith > > Our solution to the > is: > > Do not grant they rights to do any DDL either in test > nor in prod. > > The dab stuff does all the DDL work. > Sure it is an added chore, but after tracking down, a > few times, tables > that > were dropped > inadvertently by users (their tool did it by itself) > we now use the > following policy: > > Every application has two user id's: > Owner, with password known only to the DBA group. > User with rights for select, insert, update, delete > ONLY. > > It works. > > Yechiel Adar > Mehish > > - Original Message - > To: Multiple recipients of list ORACLE-L > <[EMAIL PROTECTED]> > Sent: Thursday, May 02, 2002 7:54 PM > > > > Lisa, > > There is only so much you can control via a model, > > since it remains a process away from the DB, and > > cannot be enforced via privileges, etc. So, we are > > always in the hands of Dom Phoc (and their > siblings), > > who can do "stuff" even in the production database > > with SQLPLus/TOAD/... Under this schenario, do you > > sleep well at night? > > > > So, we said lets work with our Dom Phoc's. On > > production databases, we will STRIP them off of the > > Oracle database passwords. No password, no change. > > ENFORCED! Now, I can sleep well at night. > > > > How? Not via models. Via a solution involving the > > following, and it seems to be working for us well: > > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > > White Paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > Take charge of the "Dom Phocs" in your org! > > > > Keith > > > > > > > > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > > > > > > > Well, for one thing, if your developer, Dom Phoc, > > starts changing crap > > in > > your database (as has happened to me in the past) a > > compare to the dev > > model > > would be great because my development changes would > be > > in the model, > > not in > > the test or production databases. In that specific > > case I had to TRUST > > him > > (what? trust him after what he just did?) to change > > everything back, > > or > > restore from a backup, which would have been very > time > > consuming. > > > > I was one large ball of raging hormones that day and > I > > took it all out > > on > > him. We don't work on the same projects anymore. > > > > Lisa Koivu > > Oracle Database Administrator > > Fairfield Resorts, Inc. > > 5259 Coconut Creek Parkway > > Ft. Lauderdale, FL, USA 33063 > > > > > > > -Original Message- > > > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > > > Sent: Wednesday, May 01, 2002 5:50 PM > > > To: Multiple recipients of list ORACLE-L > > > Subject: RE: ERD generation tool - Active > > Comparisons > > > > > > Am I speaking to the wind > > > > > > For Compares, why would you compare the MODEL with > > the > >
Re: ERD generation tool - Active SCM
Yechiel, Yes, I have been there, done that, over and over... But then, there is a "Toyota Corolla" solution and maybe a "Ferrari Testarosa" solution. If we can control "Dom Phoc" without tieing his hands behind the back, wouldn't that would be the best: white paper: http://www.iraje.com/docs/ActiveSecureDesigner.htm Keith Date: Thu, 02 May 2002 11:48:38 -0800 To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]> Reply-to: [EMAIL PROTECTED] Organization: Fat City Network Services, San Diego, California Well Keith Our solution to the is: Do not grant they rights to do any DDL either in test nor in prod. The dab stuff does all the DDL work. Sure it is an added chore, but after tracking down, a few times, tables that were dropped inadvertently by users (their tool did it by itself) we now use the following policy: Every application has two user id's: Owner, with password known only to the DBA group. User with rights for select, insert, update, delete ONLY. It works. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Thursday, May 02, 2002 7:54 PM > Lisa, > There is only so much you can control via a model, > since it remains a process away from the DB, and > cannot be enforced via privileges, etc. So, we are > always in the hands of Dom Phoc (and their siblings), > who can do "stuff" even in the production database > with SQLPLus/TOAD/... Under this schenario, do you > sleep well at night? > > So, we said lets work with our Dom Phoc's. On > production databases, we will STRIP them off of the > Oracle database passwords. No password, no change. > ENFORCED! Now, I can sleep well at night. > > How? Not via models. Via a solution involving the > following, and it seems to be working for us well: > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > White Paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > Take charge of the "Dom Phocs" in your org! > > Keith > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > Well, for one thing, if your developer, Dom Phoc, > starts changing crap > in > your database (as has happened to me in the past) a > compare to the dev > model > would be great because my development changes would be > in the model, > not in > the test or production databases. In that specific > case I had to TRUST > him > (what? trust him after what he just did?) to change > everything back, > or > restore from a backup, which would have been very time > consuming. > > I was one large ball of raging hormones that day and I > took it all out > on > him. We don't work on the same projects anymore. > > Lisa Koivu > Oracle Database Administrator > Fairfield Resorts, Inc. > 5259 Coconut Creek Parkway > Ft. Lauderdale, FL, USA 33063 > > > > -Original Message- > > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > > Sent: Wednesday, May 01, 2002 5:50 PM > > To: Multiple recipients of list ORACLE-L > > Subject: RE: ERD generation tool - Active > Comparisons > > > > Am I speaking to the wind > > > > For Compares, why would you compare the MODEL with > the > > DATABASE...like going from US to London via Tokyo... > > ... and you get to pay more, like... you pay not for > > distance, but for "time in the air"... If a tool > takes > > longer to do something, makes more mistakes, is > bumpy > > and complex... you get to pay more. > > > > For compares, someone tell me what beats > > ActiveCompare: > > http://www.iraje.com/compare-diff.htm > > > > http://www.iraje.com/ActiveCompare_viewlet.html > > > > > > ...and I will switch my tool. > > > > Keith __ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Keith Peterson INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: ERD generation tool - Active SCM
Yes, what you describe does work. However, when the person you don't trust is another DBA (Can we think of another name considering this guy is a DBA? Doom Big Ash-Hole?), it's another story. Lisa Koivu Oracle Database Administrator Fairfield Resorts, Inc. 5259 Coconut Creek Parkway Ft. Lauderdale, FL, USA 33063 > -Original Message- > From: Yechiel Adar [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, May 02, 2002 3:49 PM > To: Multiple recipients of list ORACLE-L > Subject: Re: ERD generation tool - Active SCM > > Well Keith > > Our solution to the is: > > Do not grant they rights to do any DDL either in test nor in prod. > > The dab stuff does all the DDL work. > Sure it is an added chore, but after tracking down, a few times, tables > that > were dropped > inadvertently by users (their tool did it by itself) we now use the > following policy: > > Every application has two user id's: > Owner, with password known only to the DBA group. > User with rights for select, insert, update, delete ONLY. > > It works. > > Yechiel Adar > Mehish > > - Original Message - > To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> > Sent: Thursday, May 02, 2002 7:54 PM > > > > Lisa, > > There is only so much you can control via a model, > > since it remains a process away from the DB, and > > cannot be enforced via privileges, etc. So, we are > > always in the hands of Dom Phoc (and their siblings), > > who can do "stuff" even in the production database > > with SQLPLus/TOAD/... Under this schenario, do you > > sleep well at night? > > > > So, we said lets work with our Dom Phoc's. On > > production databases, we will STRIP them off of the > > Oracle database passwords. No password, no change. > > ENFORCED! Now, I can sleep well at night. > > > > How? Not via models. Via a solution involving the > > following, and it seems to be working for us well: > > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > > White Paper: > > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > > > Take charge of the "Dom Phocs" in your org! > > > > Keith > > > > > > > > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > > > > > > > Well, for one thing, if your developer, Dom Phoc, > > starts changing crap > > in > > your database (as has happened to me in the past) a > > compare to the dev > > model > > would be great because my development changes would be > > in the model, > > not in > > the test or production databases. In that specific > > case I had to TRUST > > him > > (what? trust him after what he just did?) to change > > everything back, > > or > > restore from a backup, which would have been very time > > consuming. > > > > I was one large ball of raging hormones that day and I > > took it all out > > on > > him. We don't work on the same projects anymore. > > > > Lisa Koivu > > Oracle Database Administrator > > Fairfield Resorts, Inc. > > 5259 Coconut Creek Parkway > > Ft. Lauderdale, FL, USA 33063 > > > > > > > -Original Message- > > > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > > > Sent: Wednesday, May 01, 2002 5:50 PM > > > To: Multiple recipients of list ORACLE-L > > > Subject: RE: ERD generation tool - Active > > Comparisons > > > > > > Am I speaking to the wind > > > > > > For Compares, why would you compare the MODEL with > > the > > > DATABASE...like going from US to London via Tokyo... > > > ... and you get to pay more, like... you pay not for > > > distance, but for "time in the air"... If a tool > > takes > > > longer to do something, makes more mistakes, is > > bumpy > > > and complex... you get to pay more. > > > > > > For compares, someone tell me what beats > > > ActiveCompare: > > > http://www.iraje.com/compare-diff.htm > > > > > > http://www.iraje.com/ActiveCompare_viewlet.html > > > > > > > > > ...and I will switch my tool. > > > > > > Keith > > > > > > > > __ > > Do You Yahoo!? > > Yahoo! Health - your gu
Re: ERD generation tool - Active SCM
Well Keith Our solution to the is: Do not grant they rights to do any DDL either in test nor in prod. The dab stuff does all the DDL work. Sure it is an added chore, but after tracking down, a few times, tables that were dropped inadvertently by users (their tool did it by itself) we now use the following policy: Every application has two user id's: Owner, with password known only to the DBA group. User with rights for select, insert, update, delete ONLY. It works. Yechiel Adar Mehish - Original Message - To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Thursday, May 02, 2002 7:54 PM > Lisa, > There is only so much you can control via a model, > since it remains a process away from the DB, and > cannot be enforced via privileges, etc. So, we are > always in the hands of Dom Phoc (and their siblings), > who can do "stuff" even in the production database > with SQLPLus/TOAD/... Under this schenario, do you > sleep well at night? > > So, we said lets work with our Dom Phoc's. On > production databases, we will STRIP them off of the > Oracle database passwords. No password, no change. > ENFORCED! Now, I can sleep well at night. > > How? Not via models. Via a solution involving the > following, and it seems to be working for us well: > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > White Paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > Take charge of the "Dom Phocs" in your org! > > Keith > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > Well, for one thing, if your developer, Dom Phoc, > starts changing crap > in > your database (as has happened to me in the past) a > compare to the dev > model > would be great because my development changes would be > in the model, > not in > the test or production databases. In that specific > case I had to TRUST > him > (what? trust him after what he just did?) to change > everything back, > or > restore from a backup, which would have been very time > consuming. > > I was one large ball of raging hormones that day and I > took it all out > on > him. We don't work on the same projects anymore. > > Lisa Koivu > Oracle Database Administrator > Fairfield Resorts, Inc. > 5259 Coconut Creek Parkway > Ft. Lauderdale, FL, USA 33063 > > > > -Original Message- > > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > > Sent: Wednesday, May 01, 2002 5:50 PM > > To: Multiple recipients of list ORACLE-L > > Subject: RE: ERD generation tool - Active > Comparisons > > > > Am I speaking to the wind > > > > For Compares, why would you compare the MODEL with > the > > DATABASE...like going from US to London via Tokyo... > > ... and you get to pay more, like... you pay not for > > distance, but for "time in the air"... If a tool > takes > > longer to do something, makes more mistakes, is > bumpy > > and complex... you get to pay more. > > > > For compares, someone tell me what beats > > ActiveCompare: > > http://www.iraje.com/compare-diff.htm > > > > http://www.iraje.com/ActiveCompare_viewlet.html > > > > > > ...and I will switch my tool. > > > > Keith > > > > __ > Do You Yahoo!? > Yahoo! Health - your guide to health and wellness > http://health.yahoo.com > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Keith Peterson > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Yechiel Adar INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: ERD generation tool - Active SCM
Thanks Keith, I'll check it out. Lisa Koivu Oracle Database Baby Oven Fairfield Resorts, Inc. 5259 Coconut Creek Parkway Ft. Lauderdale, FL, USA 33063 > -Original Message- > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > Sent: Thursday, May 02, 2002 1:55 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: ERD generation tool - Active SCM > > Lisa, > There is only so much you can control via a model, > since it remains a process away from the DB, and > cannot be enforced via privileges, etc. So, we are > always in the hands of Dom Phoc (and their siblings), > who can do "stuff" even in the production database > with SQLPLus/TOAD/... Under this schenario, do you > sleep well at night? > > So, we said lets work with our Dom Phoc's. On > production databases, we will STRIP them off of the > Oracle database passwords. No password, no change. > ENFORCED! Now, I can sleep well at night. > > How? Not via models. Via a solution involving the > following, and it seems to be working for us well: > ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ > White Paper: > http://www.iraje.com/docs/ActiveSecureDesigner.htm > > Take charge of the "Dom Phocs" in your org! > > Keith > > > > > > > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Date: Wed, 1 May 2002 16:06:00 -0500 > > > > > > Well, for one thing, if your developer, Dom Phoc, > starts changing crap > in > your database (as has happened to me in the past) a > compare to the dev > model > would be great because my development changes would be > in the model, > not in > the test or production databases. In that specific > case I had to TRUST > him > (what? trust him after what he just did?) to change > everything back, > or > restore from a backup, which would have been very time > consuming. > > I was one large ball of raging hormones that day and I > took it all out > on > him. We don't work on the same projects anymore. > > Lisa Koivu > Oracle Database Administrator > Fairfield Resorts, Inc. > 5259 Coconut Creek Parkway > Ft. Lauderdale, FL, USA 33063 > > > > -Original Message- > > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > > Sent: Wednesday, May 01, 2002 5:50 PM > > To: Multiple recipients of list ORACLE-L > > Subject:RE: ERD generation tool - Active > Comparisons > > > > Am I speaking to the wind > > > > For Compares, why would you compare the MODEL with > the > > DATABASE...like going from US to London via Tokyo... > > ... and you get to pay more, like... you pay not for > > distance, but for "time in the air"... If a tool > takes > > longer to do something, makes more mistakes, is > bumpy > > and complex... you get to pay more. > > > > For compares, someone tell me what beats > > ActiveCompare: > > http://www.iraje.com/compare-diff.htm > > > > http://www.iraje.com/ActiveCompare_viewlet.html > > > > > > ...and I will switch my tool. > > > > Keith > > > > __ > Do You Yahoo!? > Yahoo! Health - your guide to health and wellness > http://health.yahoo.com > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Keith Peterson > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Koivu, Lisa INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: ERD generation tool - Active SCM
Lisa, There is only so much you can control via a model, since it remains a process away from the DB, and cannot be enforced via privileges, etc. So, we are always in the hands of Dom Phoc (and their siblings), who can do "stuff" even in the production database with SQLPLus/TOAD/... Under this schenario, do you sleep well at night? So, we said lets work with our Dom Phoc's. On production databases, we will STRIP them off of the Oracle database passwords. No password, no change. ENFORCED! Now, I can sleep well at night. How? Not via models. Via a solution involving the following, and it seems to be working for us well: ActiveDesigner/ActiveChangeManager/ActiveCompare/A+ White Paper: http://www.iraje.com/docs/ActiveSecureDesigner.htm Take charge of the "Dom Phocs" in your org! Keith To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Date: Wed, 1 May 2002 16:06:00 -0500 Well, for one thing, if your developer, Dom Phoc, starts changing crap in your database (as has happened to me in the past) a compare to the dev model would be great because my development changes would be in the model, not in the test or production databases. In that specific case I had to TRUST him (what? trust him after what he just did?) to change everything back, or restore from a backup, which would have been very time consuming. I was one large ball of raging hormones that day and I took it all out on him. We don't work on the same projects anymore. Lisa Koivu Oracle Database Administrator Fairfield Resorts, Inc. 5259 Coconut Creek Parkway Ft. Lauderdale, FL, USA 33063 > -Original Message- > From: Keith Peterson [SMTP:[EMAIL PROTECTED]] > Sent: Wednesday, May 01, 2002 5:50 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: ERD generation tool - Active Comparisons > > Am I speaking to the wind > > For Compares, why would you compare the MODEL with the > DATABASE...like going from US to London via Tokyo... > ... and you get to pay more, like... you pay not for > distance, but for "time in the air"... If a tool takes > longer to do something, makes more mistakes, is bumpy > and complex... you get to pay more. > > For compares, someone tell me what beats > ActiveCompare: > http://www.iraje.com/compare-diff.htm > > http://www.iraje.com/ActiveCompare_viewlet.html > > > ...and I will switch my tool. > > Keith __ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Keith Peterson INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).