INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Security of Oracle database

Security of Oracle database

(OP)
Hey all,

I have a bit of a dilemma around security for our Oracle database. We have a corporate database that has about 40 odd different schemas setup that are used by various applications. The applications provide the method of allowing users to view and modify the data as need be. We also use Business Objects for reporting, along with some web based ASP reports. Some of our applications also allow spreadsheet export of the data to allow users to slice and dice, and analyse the data that they own.

The dilemma is that the users have previously had Read only access to some of this data via a RO user that was setup for them. I am not happy with providing this read only direct access to them, due to security issues and potential issues around inefficient SQL affecting database performance.

I'd like to know what other businesses do to allow users access to the data, for them to analyse the data in spreadsheets, or for storing constants (Specific gravity of products, various other ratios etc) that need to be centrally managed so that if it is updated, it is then updated in all the various computational models etc that use these values. Do you allow RO access direct to the DB? Do you have other ways of allowing access to the data without direct RO access? Or do you just flat out say that the only way to ensure these values are up to date is to manually update them based on the data within the application?

Looking for any helpful information! Thanks!

RE: Security of Oracle database


1) Use Virtual private database(s)
2) Spreadsheet export of the data are prohibited -- go through Business Objects for data analysis.
3) Create a "reporting database" to avoid security issues and potential issues around inefficient SQL affecting database performance.
noevil

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

RE: Security of Oracle database

I second LKBrwnDBA's suggestions. In our organization, we have a Data Warehouse (DW) to which all applications send pertinent updates for each application on a daily basis. We tune and secure the DW for Business Intelligence/Reporting queries so that the objectives/performance of the DW database do not conflict with the objectives/performance and security of our on-line transaction processing (OLTP) applications. There is much to be said for separating the OLTP databases from the management-reporting/management-inquiry databases.

santaMufasa
(aka Dave of Sandy, Utah, USA)
“People may forget what you say, but they will never forget how you made them feel."

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close