The client has a requirement that the offshore DBA team should not be able to view the few Applications data but they should be able to perform their other activities.
I am looking for options to achieve this. Please let me know if you are aware on any method to achieve this
Please realize that it is very difficult to protect the data from people with DBA-level accounts unless you invest in a feature like DB vault - this will always be an issue with outsourced DBA support.
Pls let me know if there are any other alternatives as DB-Vault is expensive. The one I could think is - Dont give database access to offshore DBA team. We can write Shell scripts for typical operations like Create User & give only Execute permission to offshore DBA team.
Please suggest me any other method you can think of
It really depends on what kind of tasks will be assigned to the offshore team. Some tasks e.g. applying Oracle patches require sys which will be able to do anything , including working around whatever home-built access control that can be put into the database. If they have admin access to the server where the database is housed they can also gain access (O/S authentication) without needing to know any of the userids and passwords.