RE: DBA Privileges and Developers

From: Jeremiah Wilton <>
Date: Thu, 24 Jan 2008 13:09:36 -0800
Message-ID: <01cd01c85ecd$6d927300$48b75900$@net>

Great to have you back, Lisa. Sounds like you did a great job on that document. Nothing works quite as well as facts. Also this is a great way to get the heat off of the DBA for saying "no" and deflect the responsibility for policy decisions to the business, where it belongs. I think that many DBAs do just stand there and say 'NO NO NO', and it gets us a reputation as obstructionists with developers and others.

Now, who's that trip-trapping over my database?


Jeremiah Wilton
ORA-600 Consulting

Koivu, Lisa wrote:

> Aahh, the age old war, granting DBA privileges…  I am in it
> again up to my eyeballs.  Instead of standing there and saying
> NO, NO, NO, I took the time to pull apart the DBA role and
> document in detail what a majority of the roles and system
> privileges allow a database user to do within the database and
> how some of these privileges are a direct violation of Sarbanes-
> Oxley.  This document is not perfect, but it’s enough to make
> management stop and say, Wait, we can’t allow DBA privileges to
> be granted to individuals outside of an administrative role.  I
> had the document blessed by our security officer.

Received on Thu Jan 24 2008 - 15:09:36 CST

Original text of this message