Re: DBA Privileges and Developers
Date: Fri, 1 Feb 2008 15:19:29 -0500
I would tend to agree with that, furthermore I think it is rather unfair to DBA's in generally that they be made the 'cops'. I guess it was part of the reason I got out of the gig was because I got tired of saying no.
Additionally, I would tend to think the common practise of developers make some stored procedures then the dba team puts it into production is kind of silly. Seems like some developer could slip in something. Making the DBA team responible for ckecking thousands of lines of code is easy to have on paper but difficult to do.
I kind of think of it simply if you think someone is going to steal from you then why do you have the person working / contracting for you?
- Nigel Thomas <nigel_cl_thomas_at_yahoo.com> wrote:
> I think the confusion comes because
> - auditors are worried about what the DBA can do
> - a developer is granted read access to some "DBA" views
> - therefore the auditor (or pointy-haired manager) assumes the developer can now do something evil that only a DBA should be allowed to do.
> If the DBA_ views were called DEV_ views, and the developer-useful v$ views were packaged differently, I think a lot of these kind of misunderstandings would fade away.
> Ah well...
> Regards Nigel