Hi!

I just started working as a database developer (oracle) at a medium sized company. And I was very puzzled with how the oracle dba's had things organized. This company have an environment as following:

2 oracle clusters
8 prod instances
6 test instances
3 dev instances

Each instance have about 10 databases each.

There are about 40 people at the IT dept that work with oracle, either as developers or just reading data. And about 40 external people at sales offices etc that mostly read views into external systems for analysis. Out of the 40 ppl in the it department 30 % are consultants.


That puzzles me the most is that the dba's have no role based security. WHen I need access to something I ahve to specify exactly the tables, objects, privilegies I need and then they add this to my db user. You can imagine when there are about 6 parallell development projects that all need access to different things on a running basis. I have waited for grants to a database for about 3 weeks now... And another colleague have waited 2 weeks for a database user.

What I can't understand is why they dont create and use role based security?????? You should be able to solve about 85 % of all security issues by using role grants, if you have a somewhat decent role tree. And only use explicit grants when there is no other way... What do you think about this? How would you have organized the security around this environment as a dba?

I can understand that they are over worked when they never use roles but do explicit grants to every user/object. Just think about how much work they can reuse if they create the roles once and then just add ppl to these roles..

/Henrik