sdowning720
Reputation: 1
Is there a way to protect SQL statements from being altered, while still allowing the person to execute the statement?
I work for a large organization that relies heavily on SQL developer for financial reconciliation. We have only SELECT privileges. Several people have access to the same SQL statements, is there a way to ensure they cant change the code? We need to ensure that people who have access to run our SQL statements to generate a report, do not have the ability to change the code. This forces them to submit change requests if they need the code change, which helps us to create and audit log of the changes made. Our financial audit includes audit of our SQL statements. With too many people making changes it is hard to track/validate the change.
Upvotes: 0
Views: 25
Answers (1)
MT0
Reputation: 167972
- Remove their privileges to
SELECTfrom the tables directly. - Wrap the existing code in a stored procedure (if bind variables are used in the SQL statement then they can be arguments to the stored procedure).
- This also allows you to put additional code for verification/auditing inside the stored procedure so that it is automatically run with the query(ies) that the users require.
- Create a
ROLEand grant theEXECUTEprivilege on the stored procedure to that role. - Give that role only to the people who are required to run that stored procedure.
Upvotes: 1
Related Questions
- SQL TRIGGER: How do you restrict something from being changed?
- How to lock down sql developer to allow SELECT queries
- Make a database column not editable
- SQL Security - creating a secure SQL command
- Restrict executeQuery from data manipulation in java for oracle
- How to prevent write access to a Oracle table
- How to protect 1 column in table from updation/deletion?
- .Net. Prevent modifying data when running sql query
- Prevent table data editing in Oracle SQL Developer
- Sql prevent row being modified