In many applications, the initial design did not take security issues into consideration. For example, instead of having all objects in one schema, which leaves much room for risk of mistake or damage, one could split the tables to be in one schema, the packages and procedures in a different schema, and the user in a third schema.. Each schema has permissions to access the objects it needs (the application schema will have permissions to execute the procedures and packages, and the packages schema will have access to the query and the ability to change the data in the tables), thus significantly reducing the potential damage one can do. Over time, and as more and more changes were made, the problem got worse.

In development environments, the issue is even greater. Usually, all objects are in the same schema, making it difficult for a company with access and change protocols in place (i.e. that only DBAs can alter tables) to enforce them. To address this issue, DBAs created a dedicated user with the minimum permissions a developer needs. The developers login with that user. This, of course, makes the DBAs life more complicated, since they need to manually maintain another security mechanism.

An innovative, next-generation database change management solution, like dbMaestro TeamWork™ helps companies solve these challenges and overcome these limitations. It provides advanced permission management capabilities that give you full control over who makes changes to your databases, making it easy to proactively prevent unauthorized modifications to your schemas and their related objects. They work by allowing you to establish very granular access settings, giving each member of your IT or development team modification rights for only certain portions of each schema, based on their role and responsibilities in the application. 

The key benefit of this approach is that it virtually eliminates the risk of accidental or incorrect changes to tables and other objects. 

For example, use the permissions in your TeamWork environment to grant access to all tables to one team, allow another group to modify the procedures, and give yet another set of individuals the ability to change other objects – even if those objects all exist within the same schema.  

Each member of your database management team will be able to view all database objects, but can only modify those they have been granted permission for. In other words, those users who only have full permission for tables can see the associated procedures, but cannot modify them, and vice versa. 

Visit our Website to learn more about permission management, and the other innovative features of dbMaestro TeamWork – database change management software.

Tags: Change Management Software, database change management, Database Change Mangagement, database configuration management, database deployment manager, database design, database management software, database schema control, database version control, DBA, oracle, oracle change management, oracle database version control, oracle version control, permission, SCM, SDLC, Software Change Management, Software Development Life Cycle

This entry was posted on Tuesday, July 20th, 2010 at 4:10 AM and is filed under Technical. You can leave a response, or trackback from your own site.