cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Seperation of duties question

Highlighted
Regular Member

Seperation of duties question

Informal poll here...


How many of you as Windchill administrators also do some level of database manipulation such as select statements or update statements to the production database for example?


Do you have some internal policies that prevent this from happening at all? If so, to what level?


Thanks.


Joe

2 REPLIES 2
Highlighted

RE: Seperation of duties question

I had 3 people respond privately to me and they said that they are able to mainpulate (e.g. select, update)the Production database. The frequency might not be often but they can if for example, they are directed by Tech Support to do so.


I'm still interested in hearing from more people on this topic! Thanks.


Joe

Highlighted

RE: Seperation of duties question

Couple of caveats, mostly because you mentioned "update" as well as "select":



  • querying against the database using Select statements is generally safe, although if the amount of querying is significant you should be allocating additional resources to it so that regular Windchill activity is unaffected (or use a data warehouse, see below).

  • direct Update or Delete statements(notproduced byWindchill app layer) should never be run against production unless they have been provided to you by PTC Development (through TS). The risk and responsibility is not something you should accept. Even when the statements are provided by PTC, you should have a policy of always backing up the database first.

  • TS can and does occasionally recommend creation of additional indexes to help performance. This activity is generally safe and easily reversible in the rare occasion that it slows down some other piece of functionality. TS neverprovides Update or Delete statements unless they have been vetted by Development.

  • an mirrored data warehouse is usually the bestmethod to allow additional SQLusing production data.

  • the windchilldbuser and password values should be locked down and known only to the DBAs. Do not create additional Oracle users with theability to write into the Windchill schema.In 10.0 the windchilldbpassword is now encrypted automatically.

Regards,


Tim Atwood


PTC Enterprise Deployment Center

Announcements