cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We are happy to announce the new Windchill Customization board! Learn more.

Seperation of duties question

JoePriest
8-Gravel
8-Gravel
‎Feb 17, 2012 09:18 AM
‎Feb 17, 2012 09:18 AM

Seperation of duties question

Informal poll here...


How many of you as Windchill administrators also do some level of database manipulation such as select statements or update statements to the production database for example?


Do you have some internal policies that prevent this from happening at all? If so, to what level?


Thanks.


Joe

Labels:
0 Kudos
Notify Moderator
2 REPLIES 2
JoePriest
8-Gravel
8-Gravel
(To:JoePriest)
‎Feb 20, 2012 11:53 AM
‎Feb 20, 2012 11:53 AM

I had 3 people respond privately to me and they said that they are able to mainpulate (e.g. select, update)the Production database. The frequency might not be often but they can if for example, they are directed by Tech Support to do so.


I'm still interested in hearing from more people on this topic! Thanks.


Joe

0 Kudos
Notify Moderator
atwood
10-Marble
10-Marble
(To:JoePriest)
‎Feb 23, 2012 09:35 AM
‎Feb 23, 2012 09:35 AM

Couple of caveats, mostly because you mentioned "update" as well as "select":



  • querying against the database using Select statements is generally safe, although if the amount of querying is significant you should be allocating additional resources to it so that regular Windchill activity is unaffected (or use a data warehouse, see below).

  • direct Update or Delete statements(notproduced byWindchill app layer) should never be run against production unless they have been provided to you by PTC Development (through TS). The risk and responsibility is not something you should accept. Even when the statements are provided by PTC, you should have a policy of always backing up the database first.

  • TS can and does occasionally recommend creation of additional indexes to help performance. This activity is generally safe and easily reversible in the rare occasion that it slows down some other piece of functionality. TS neverprovides Update or Delete statements unless they have been vetted by Development.

  • an mirrored data warehouse is usually the bestmethod to allow additional SQLusing production data.

  • the windchilldbuser and password values should be locked down and known only to the DBAs. Do not create additional Oracle users with theability to write into the Windchill schema.In 10.0 the windchilldbpassword is now encrypted automatically.

Regards,


Tim Atwood


PTC Enterprise Deployment Center

0 Kudos
Notify Moderator
Top Tags