RE: DBA Privileges and Developers
Date: Thu, 24 Jan 2008 13:09:36 -0800
Great to have you back, Lisa. Sounds like you did a great job on that document. Nothing works quite as well as facts. Also this is a great way to get the heat off of the DBA for saying "no" and deflect the responsibility for policy decisions to the business, where it belongs. I think that many DBAs do just stand there and say 'NO NO NO', and it gets us a reputation as obstructionists with developers and others.
Now, who's that trip-trapping over my database?
Koivu, Lisa wrote:
> Aahh, the age old war, granting DBA privileges… I am in it
> again up to my eyeballs. Instead of standing there and saying
> NO, NO, NO, I took the time to pull apart the DBA role and
> document in detail what a majority of the roles and system
> privileges allow a database user to do within the database and
> how some of these privileges are a direct violation of Sarbanes-
> Oxley. This document is not perfect, but it’s enough to make
> management stop and say, Wait, we can’t allow DBA privileges to
> be granted to individuals outside of an administrative role. I
> had the document blessed by our security officer.