| Preventing programmer changing data [message #250137] |
Sun, 08 July 2007 11:15  |
chara
Messages: 81
Registered: April 2005
Location: th
|
Member |
|
|
Dear all,
I want to not allow programmer changing data (insert/update/delete) from any tools such as toad. They can logon via toad and only select data.I don't want to create a new user and grant it only select.I think i will create trigger BEFORE INSERT OR DELETE OR UPDATE ON table.But my problem was i have many tables if i have use this method i must to create around 200 triggers (equal with no. of tables).I want to create only one trigger and can use with all tables.Pls advice me .
Thanks for advance !
Chara
|
|
|
|
|
|
|
|
| Re: Preventing programmer changing data [message #250281 is a reply to message #250137] |
Mon, 09 July 2007 07:59  |
MarcL
Messages: 455
Registered: November 2006
Location: Connecticut, USA
|
Senior Member |
|
|
Michel,
I couldn't agree more. I am a developer, I do have read access to production data, which is necessary, but I don't want any more than that. It's way to easy to make silly misatakes. In a previous life, this prime directive was violated, a colleague actually deleted all the data from a production table. Too easy to do.
If you have QA databases, or Functional Databases where you want the data in a "pure" state, then the developers should not have any credentials that allow updates to these instances either.
[Updated on: Mon, 09 July 2007 08:00] Report message to a moderator |
|
|
|
|
|
| Re: Preventing programmer changing data [message #250291 is a reply to message #250145] |
Mon, 09 July 2007 08:53 |
joy_division
Messages: 4963
Registered: February 2005
Location: East Coast USA
|
Senior Member |
|
|
| Michel Cadot wrote on Sun, 08 July 2007 12:50 | Prime directive: programmers don't have access to production database.
|
I thought the prime directive was that Starfleet is not supposed to interfere in the normal development or inner workings of other planets.
|
|
|
|
| Re: Preventing programmer changing data [message #250294 is a reply to message #250290] |
Mon, 09 July 2007 09:00 |
MarcL
Messages: 455
Registered: November 2006
Location: Connecticut, USA
|
Senior Member |
|
|
| Michel Cadot wrote on Mon, 09 July 2007 08:52 | Why developer should have access to condifential data?
Never!
|
Michel,
Currently I am not an outside consultant, or a 3rd party developer, but working for the manufacturing company. There are no confidentiality or proprietary issues in my situation.
Being able to see production data helps both myself and the users in expediting questions/bugs.
So never is quite strong :}
|
|
|
|
| Re: Preventing programmer changing data [message #250295 is a reply to message #250294] |
Mon, 09 July 2007 09:04 |
 |
Michel Cadot
Messages: 68686
Registered: March 2007
Location: Nanterre, France, http://...
|
Senior Member
Account Moderator |
|
|
| Quote: | Currently I am not an outside consultant, or a 3rd party developer, but working for the manufacturing company. There are no confidentiality or proprietary issues in my situation.
|
Ask you boss if he likes to see you watching how much he earns and where he lives...
[Edit] I don't know how it is in USA but in France it is illegal that to let someone that is not in HR department see others' private data.
Regards
Michel
[Updated on: Mon, 09 July 2007 10:25] Report message to a moderator |
|
|
|
|
|
| Re: Preventing programmer changing data [message #250300 is a reply to message #250298] |
Mon, 09 July 2007 10:28 |
|
Michel Cadot
Messages: 68686
Registered: March 2007
Location: Nanterre, France, http://...
|
Senior Member
Account Moderator |
|
|
And there are no confidential transactions?
Nothing that your boss don't want to go outside the entreprise?
Like providers or customers or stocks or ...?
Well, in this case, why not.
Regards
Michel
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
