Oracle FAQ Your Portal to the Oracle Knowledge Grid

RE: Suggestions for controlling SYSDBA / DBA privileges ?

From: David Wendelken <davewendelken_at_earthlink.net>
Date: Wed, 3 Aug 2005 15:10:43 -0400
Message-ID: <007501c5985f$0c0ed1a0$6401a8c0@davidwendelken>

Here are some options:

1) Hire double the number of DBAs, so one can watch what the other one is up to. Each only knows 1/2 of each system password, with copies locked up and sealed in a safe.

Enjoy watching them squirm at the thought of that expense. :)

2) Use existing financial reports to catch issues. Saved hard copies of appropriate transaction summary reports would make post-facto changes to the database very easy to catch. The transaction totals by account by time-period wouldn't match. Of course, that's work for business staffers, not techies. Not unbreakable, but makes it harder to pull off.

3) A stand-alone PC that the sys-admins don't have access rights to, which is properly secured from unauthorized physical access, could also store checksums for a more automated verification that things are as they should be. Again, not unbreakable, but harder to pull off.

4) Get over it. That's life in the big city. Hire *quality* people and pay them appropriately. Remind them that CEOs and CFOs have been stealing the money recently, not DBAs. :)

>
>How do you respond to Managements that are "very concerned" after Auditors (the SarbOx type) tell them "the DBA has unrestricted privilege on all data in the database".
>

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Aug 03 2005 - 14:17:32 CDT
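
The checksum idea in option 3, combined with the per-account, per-period grouping from option 2, as an added example that is not part of the original message. The row layout, the use of a keyed HMAC (so that someone with database access alone cannot recompute a matching value) and the sample rows are assumptions made for illustration; all data is constructed.

```python
import hashlib
import hmac
from collections import defaultdict
from decimal import Decimal

def bucket_digests(rows, key):
    """Return {(account, period): hex HMAC-SHA256} over each bucket's rows."""
    buckets = defaultdict(list)
    for txn_id, account, period, amount in rows:
        # Canonical form: fixed field order, amount normalised to 2 decimals.
        line = f"{txn_id}|{account}|{period}|{Decimal(amount):.2f}"
        buckets[(account, period)].append(line)
    digests = {}
    for bucket, lines in buckets.items():
        mac = hmac.new(key, digestmod=hashlib.sha256)
        for line in sorted(lines):  # independent of the order the export returned
            mac.update(line.encode() + b"\n")
        digests[bucket] = mac.hexdigest()
    return digests

def changed_buckets(baseline, current):
    """Buckets whose digest differs, or that appeared or vanished since baseline."""
    return sorted(b for b in baseline.keys() | current.keys()
                  if baseline.get(b) != current.get(b))

# Assumption: the key and the baseline live only on the stand-alone machine.
KEY = b"constructed-demo-key"

# Constructed export taken when the period was closed.
CLOSED_PERIOD = [
    (1, "4000", "2005-07", "100.00"),
    (2, "4000", "2005-07", "250.50"),
    (3, "5100", "2005-07", "75.25"),
]
# Constructed later export: transaction 2 altered, transaction 4 back-dated in.
LATER_EXPORT = [
    (3, "5100", "2005-07", "75.25"),
    (1, "4000", "2005-07", "100.00"),
    (2, "4000", "2005-07", "205.50"),
    (4, "6200", "2005-07", "10.00"),
]

if __name__ == "__main__":
    baseline = bucket_digests(CLOSED_PERIOD, KEY)
    for bucket in changed_buckets(baseline, bucket_digests(LATER_EXPORT, KEY)):
        print("mismatch:", bucket)
```

A mismatch only says which account and period to pull the saved reports for; it does not say what changed or who changed it.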
