on 2005 Aug 09 1:46 PM
In order to simplify local development and remain consistent with the use and data in the Java Data Dictionary, we would like our developers to connect to the JDD on the development server. We believe we can accomplish this, but the question is "How do we set security on the central JDD so that developers cannot update tables and data that do not belong to them"??
Any help would be greatly appreciated.
Request clarification before answering.
Hi Peggy,
In Grant stmt I think u can have different kinds of access to different roles like read,write & execute which can be set to DB level.DBA will be knowning this.
If u want to give code level access I mean project specific access, then DTR on JDI is the best choice where u can set read permission or edit permission or execute permission for all the users.
Guru
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
If you want to restrict your developers by not accessing the entire DB then I suggest you set the authorizations level from the DB level itself.
Say for ex if user1 have to access Datasource1 which has table1 then using DCL(Data control Language for ex "Grant" statement) set the rights at DB level itself.In this way you can restrict ur developers not modifying the data which is not coming inside their tracks.
Any DB adminstrator can use the DCL statement(Grant Stmt) and do this kind of granting rights based on roles.
Hope it helps.
Regards,
Guru
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Please help me understand what the dba's would doing Grants on. It is my understanding that the Oracle database that supports that Java data dictionary contains only 1 schema for all developers. Is that correct? Assuming it is, all of our developers have the same login/password to that schema, so doing any type of Grants would give them all access. Can you please explain in detail how you're doing this today so we can duplicate your procedure and have security at the table level on our central JDD for the developers.
Thank you!
Hi Peggy,
you can achieve this with NWDI (NetWeaver Development Infrastructure), there in DTR(Design Time Repository) you can configure a node to only be read by developers but never possible to be written.
Regards,
Benny
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I work with Peggy and wanted to clarify our issue. We know we can contorl access to the Java Dictionary within NetWeaver by assigning them to tracks. That's not our concern right now. What we're worried about is that our developers will have to set up a DataSource to the Oracle DB on the development server, and will therefore know the password to that database. Once they know the password they would be able to access the data in all the tables - including ones not in their own tracks - because they could use any database tool to get to that data.
In addition, we're concerned not only about developers updating data, but even reading, as some of our data is sensitive data that only those working on the project should be allowed to even see.
Thanks for any other advice you have,
Jennifer
User | Count |
---|---|
81 | |
30 | |
10 | |
8 | |
8 | |
7 | |
6 | |
6 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.