3 Replies Latest reply on Apr 26, 2016 5:54 AM by 3215521

    DB Access to Functional Consultant


      Hi Experts,


      We are trying restricting production database access to functional consultants (a separate team in IT department) to ensure confidentiality. However they are of the view that they require at least a read only access to production db for following reasons:

      1. To run diagnostic queries for identifying and troubleshooting end user problems
      2. Run diagnostic queries provided by oracle, in case of generating SR
      3. To facilitate user to generating different type of reports by extracting data / generating report as per the user's requirement, they believe that due to large and variant requests it is not possible for them to generate and publish all type of reports.


      Please suggest whether we should accept this risk by giving read only access to functional consultants or we can restrict access without compromising above mentioned reasons.



        • 1. Re: DB Access to Functional Consultant

          Only you know how confidential your data is.

          You don't have to grant read access to everything.


          Another option which I've seen on some sites is they have a support instance which is refreshed nightly overnight and any sensitive data is obfuscated or removed as part of the post-clone scripts. Sure, it's 24 hours behind, so again it depends on how important this is.

          Or you can create views atop the particularly secure data and mask the sensitive bits if possible. Then grant read on those instead. Bear in mind though as soon as you change your data, whether in views or physically, things are going to be different. Row-widths, low and high values, etc etc...

          • 2. Re: DB Access to Functional Consultant
            Pravin Takpire

            What we usually do is create READ_ONLY user (Similar to APPS USER but with read access) on Non-PRODs. For some instances we give access to developer to APPS user also but it is done only after Data Scrambling.

            It all depends on how much emphasis you put on security vs the trouble/extra work you will have to do



            1 person found this helpful
            • 3. Re: DB Access to Functional Consultant

              Thanks you so much for your response.