From RROGERS@galottery.org Fri, 07 Sep 2001 09:31:03 -0700 From: "Ron Rogers" Date: Fri, 07 Sep 2001 09:31:03 -0700 Subject: RE: How do you audit a DBA? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain 13 characters if you count the spaces, 14 with the question mark. >>> lerobe@acxiom.co.uk 09/07/01 12:10PM >>> How Long is a chinese man ? -----Original Message----- Sent: 07 September 2001 16:33 To: Multiple recipients of list ORACLE-L Who audits the auditor's auditor? "Do not criticize someone until you walked a mile in their shoes, that way when you criticize them, you are a mile a way and have their shoes." Christopher R. Spence Oracle DBA Phone: (978) 322-5744 Fax: (707) 885-2275 Fuelspot 73 Princeton Street North, Chelmsford 01863 -----Original Message----- Sent: Friday, September 07, 2001 9:50 AM To: Multiple recipients of list ORACLE-L "The point is, you only need one, single trusted person to hold the administrator account (someone from your audit firm, for example) and almost everything can be done by sub-administrators who only have the precise permissions they need and no more. In theory, anyway :0)" There's that "single point of failure" again! so... the auditor is more trusted than the DBA? Who audits the auditor? >From: "Guy Hammond" >Reply-To: ORACLE-L@fatcity.com >To: Multiple recipients of list ORACLE-L >Subject: RE: How do you audit a DBA? >Date: Fri, 07 Sep 2001 01:45:06 -0800 > >There is an administrator account, but individual users can configure >access control lists on their files (right-click, properties, security) >that would prevent the administrator from reading them. The only way >that an administrator could then read them would be to "take ownership" >first. Unlike Unix, ownership of a file is taken rather than given, so >even if an Administrator read a confidential file, the OS would not let >then erase traces of having done so. If you wanted to steal a file, you >could obviously back it up to tape (if you have the Backup Operator >role) restore it to another system, take ownership there and read it >(unless it was encrypted of course) but there's only so much an OS can >do about physical security. > >The point is, you only need one, single trusted person to hold the >administrator account (someone from your audit firm, for example) and >almost everything can be done by sub-administrators who only have the >precise permissions they need and no more. In theory, anyway :0) > >g > > > >-----Original Message----- >Sent: Thursday, September 06, 2001 2:41 PM >To: Multiple recipients of list ORACLE-L > > >but doesn't there have to be ONE account/role in NT that can assign all >the others? how else could you set up a role or continue to set them >up? > >-- >Please see the official ORACLE-L FAQ: http://www.orafaq.com >-- >Author: Guy Hammond > INET: guy.hammond@avt.co.uk > >Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 >San Diego, California -- Public Internet access / Mailing Lists >-------------------------------------------------------------------- >To REMOVE yourself from this mailing list, send an E-Mail message >to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the >message BODY, include a line containing: UNSUB ORACLE-L (or the name of >mailing list you want to be removed from). You may also send the HELP >command for other information (like subscribing). _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: carmichr@hotmail.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Christopher Spence INET: cspence@FuelSpot.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message or any copy of it from your computer system. -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Robertson Lee - lerobe INET: lerobe@acxiom.co.uk Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Ron Rogers INET: RROGERS@galottery.org Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru@fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).