Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What permissions should Developers have in the Dev database instance

Tags:

permissions

oracle

database-administration

...and how should those permissions be granted. I work in a large IT dept with 70+ applications, some in SQL server and most in oracle. Each system has a prod, QA and Dev instance. We (I'm a developer) have readonly access to prod/qa, which I'm fine with. In SQL server development instances devs are given db_owner, which works totally fine. The debate is over what permissions I should have in the DEV oracle databases.

I recognize that best case would be to have each dev run their own instance on their workstation for development, but because of the size of the databases this has not been considered an option.

I'm also interested in HOW these permissions should be applied. In oracle permissions granted via a role are not active during PL/SQL execution so roles (even the "dba" role) are not useful. That leaves using a built in account (system) or creating dozens of users accross dozens of database and directly granting dozens of permissions to each. In my mind just letting the devs login as system is making a lot of sense, but our DBAs claim that's a bad idea.

like image 274
Andy Avatar asked Sep 17 '09 22:09

Andy

People also ask

Should developers access the production environment?

Developers should have access to production so that it's easier for them to help with implementation and maintenance. That is, they can fix any bugs found, they can help with integration, and so on. If something goes really wrong, it's going to be super helpful to have a developer on hand to help put out the fire.

What are the key features of Oracle SQL Developer?

Oracle SQL Developer is a free graphical tool that enhances productivity and simplifies database development tasks. Using SQL Developer, users can browse database objects, run SQL statements, edit and debug PL/SQL statements and run reports, whether provided or created.

1 Answers

We used to just give developers access to the application account. This works for small shops but rapidly gets out of hand as the number of developers increase.

Here's what we do now:

  1. the Application has it's own account (aka schema).
  2. Developers have their own accounts
  3. Data resides in the application schema
  4. We have an ant build script to build code into whatever schema you want.
    • code includes views, packages, objects etc..
    • the build script includes a step to run a stored procedure to grant explicit rights to developers to the application data
  5. Developers make changes in their own schema
  6. When happy they check that into subversion
  7. The Application's dev schema is built from the new subversion build.
  8. Developers can check out and rebuild their own environments.
  9. DDL changes to table structures are done via the DBA
    • these can be scripted as well

This has the benefit of ensure any front end application is not broken by database developers constantly rebuilding everything.

like image 70
David Avatar answered Sep 23 '22 02:09

David
Sign in to Comment

Related questions

Getting ORA-01882: timezone region not found with Oracle UCP, on aws ec2 instance?
Reset the date portion to the first of the month while preserving the time
Sql Only String search
How to set Oracle SQL Developer automatically wrap long SQL statements
Select the first record of the last group when there are repeating groups
How to improve performance of a simple select query in oracle
oracle forms not showing all fields
Oracle SQL, round greater than 'half' only
Oracle Developer Tools for Visual Studio 2019 can not be installed properly
When to commit changes?
How to format Oracle SQL text-only select output
UPDATE using two tables, Concatenation
REF CURSOR versus TABLE function in Oracle
Oracle: what is the "instantclient" connection string format?
Oracle Form Builder: Switching between tabs in a form
ORACLE Batching DDL statements within a Execute Immediate
ORA-00900: invalid SQL statement- when run a procedure in oracle 10g
How to find which version of Oracle is installed on a Linux server (In terminal) [closed]
Oracle: how to create an identity column? [duplicate]
Underscore is not working in oracle like clause

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!