Our new security policies require data access restriction for developers to the production database. Setting up -RO parameter does not work for several reasons (extracts from ‘Startup command and Parameter reference’ http://documentation.progress.com/output/OpenEdge102b/pdfs/dpspr/dpspr.pdf)
1) “If you use the -RO parameter when other users are updating the database, you might see invalid data, such as stale data or index entries pointing to records that have been deleted.”
2) “A read-only session is essentially a single-user session. Read-only users do not share database resources (database buffers, lock table, index cursors).”
3) “When a read-only session starts, it does not check for the existence of a lock file for the database. Furthermore, a read-only user opens the database file, but not the log or before-image files.
Therefore, read-only user activity does not appear in the log file.”
We would like to be able to access data on the production database from OpenEdge Architect, but not being able to edit data. Is it possible?
The short answer is no, they can’t access it directly and read-only.
If you have an appserver, you could write some code which would provide a level of dynamic RO data access via appserver or webservice calls.
The other question I’d have is – what are your developers doing accessing the production database? That should be a big no-no.