Community mailing list archives
Re: Odoo vs SAP for data securityby
2015-09-24 12:43 GMT-05:00 Kitti U. <email@example.com>:
It is about security access to database. SAP claim that, no one can access its database and update any number directly. And even there is rights in database, SAP structure in the way it is very complex to understand. All update will be done through SAP only. (is it true?)
Yes and NO.
You can find a pretty objective comparition between Oracle (db behind SAP) and Postgresql (DB behind ODOO).
In both case with root access to your server you "can " access to database "always" foloowing adminisrtative cases, that's not impossible.
The main point is "how do you configure the access to your Postgres server".
If you configure with "peer authentication" you Postgres server with onñy access from "localhost or the IP where odoo is running" then you will need to access the db:
1.- ROot or odoo user access to the server.
2.- Intranet access.
THis 2 points apply also for Oracle.
In what is the unique point where Oracle is "better" than Postgres.
Oracle on "database level" protect "rows" feature that "SAP" do not use frequently and need even admistrative access or using the SAP framework access to be changed (which is exactly the same case than odoo.
In postgres this job is delegated to "ir rules" to odoo, and technically speaking the level is the same than SAP.
Conclusion: About "security on database" it is almost the same which is "It depend on the deploy skills."
Footer Note: You will be able to delete the "almost" in postgres 9.6 and become it "exaclty the same" 
 ORACLE vs POSTGRES COMPARISION: https://en.wikipedia.org/wiki/Comparison_of_relational_database_management_systems