Question and Answer

Connor McDonald

Thanks for the question, praveen.

Asked: September 09, 2016 - 11:12 pm UTC

Last updated: September 10, 2016 - 1:10 am UTC

Version: 12

Viewed 1000+ times

You Asked

Hi,


Developers who have read access on production, if given write access to their individual schemas: what are the advantages and disadvantages from an Oracle point of view?

I am considering security -
a) no encryption of users' data
b) performance impact if they run and select * From into
c) storage issues
d) backup impact
e) DR impact


So please advise not only on the points I mentioned but overall on all the advantages and disadvantages for developers, QA, other than DBA, to have write access to their schemas in production.

Thanks
Praveen.


and Connor said...

Some things to take into consideration

- the number of objects in a typical database with *public* access. Everyone with an account would get access to those

- look at using profiles/resource manager to lock down how much resource a non-critical user is allowed to consume

- the "social" risk of people putting critical information into their own schemas, where critical could mean "sensitive" or just that they incorrectly build apps etc. on top of it. You could consider only giving privs to create *temporary* tables rather than permanent ones.

- and finally... the concept of justification. *Why* do they need write access?

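The points in the answer above, sketched as Oracle SQL. This is an added example, not part of Connor's answer; the profile name `dev_limited`, the account `dev_example`, the password, the limit values and the `users`/`temp` tablespace names are all assumptions chosen for illustration. It covers the profile route only, not Resource Manager.

```sql
-- 1. What does every account already receive through PUBLIC?
SELECT owner, privilege, COUNT(*) AS object_count
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
GROUP  BY owner, privilege
ORDER  BY object_count DESC;

-- 2. Cap what a non-critical account may consume.
--    Resource limits in a profile are enforced only when RESOURCE_LIMIT is TRUE.
ALTER SYSTEM SET resource_limit = TRUE;

CREATE PROFILE dev_limited LIMIT
  SESSIONS_PER_USER       2
  CPU_PER_CALL            6000       -- hundredths of a second per call
  LOGICAL_READS_PER_CALL  1000000    -- blocks per call
  IDLE_TIME               30         -- minutes
  CONNECT_TIME            480;       -- minutes

-- 3. Account with zero quota on permanent storage (all names are placeholders).
CREATE USER dev_example IDENTIFIED BY "Placeholder_Pw_1"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 0 ON users
  PROFILE dev_limited
  PASSWORD EXPIRE;

GRANT CREATE SESSION TO dev_example;
-- There is no separate system privilege for temporary tables: CREATE TABLE
-- covers both kinds. The zero quota (and never granting UNLIMITED TABLESPACE)
-- is what stops a permanent table in this schema from holding rows, while
-- global temporary tables still work because they use the temp tablespace.
GRANT CREATE TABLE TO dev_example;

-- 4. Run as dev_example: scratch data is private to the session and
--    disappears when the session ends.
CREATE GLOBAL TEMPORARY TABLE scratch_orders (
  order_id NUMBER,
  note     VARCHAR2(200)
) ON COMMIT PRESERVE ROWS;

-- 5. Periodic check as DBA: has the schema acquired permanent segments?
SELECT segment_name, segment_type, tablespace_name, bytes
FROM   dba_segments
WHERE  owner = 'DEV_EXAMPLE';
```

An empty result from the last query confirms the schema still holds no permanent data that would reach backups or the DR site.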

Comments

Why even read access?

Pete, September 10, 2016 - 2:50 am UTC

Why do developers even have read access to your production database? Many, if not all, of the concerns you list can apply just as much to read access as to write access. I can think of a couple of reasons that they might need it, but every permission or capability you allow any user to have should be fully justified and not just nice to have. If their justification is valid and what they want can be done securely and without undue impact on performance, then help them get there. If the justification is weak or what is asked for is excessive or unsafe, then find an alternative approach or get management involved to formally accept the risk before doing anything.

Btw, I really like the idea of forcing them to use temporary tables...