Re: How do you feel about allowing non-DBA's on your database servers?
Date: Mon, 27 Jul 2009 10:30:35 -0700
If you can provide a TEST system that is identical to your PROD system, then sure, keep the developers off. HOWEVER, I have never, in my 30 years as a developer seen a TEST system that was identical to the PROD system. If you don't allow developers on the PROD system, how are they going to trouble-shoot problems which surface in the PROD system but not the TEST system?
The question is not if you should grant developers access to prod, it is HOW you should grant access. Access should be granted only on an "as needed" basis.
Remember, the safest, most secure system is one that you unplug from the wall. Very safe, NOT very effective and accomplishing the goals of the company.
On Mon, Jul 27, 2009 at 8:31 AM, Robert Freeman <robertgfreeman_at_yahoo.com>wrote:
> So, I've got a client that is being pressured by development and support
> types to allow access to their database servers. They claim that it's so
> they can use tools like ps, sar, topas, etc.... to monitor performance and
> deal with support issues.
> My position is that this is a huge risk and that I would want an very
> limited population of users (read DBA's and SYSADMIN's only) to have access
> to these servers.
> Anyone have an opinion on this?
> Robert G. Freeman
> Oracle ACE
> Oracle Database 11g RMAN Backup and Recovery (Oracle Press) - ON IT'S WAY
> OCP: Oracle Database 11g Administrator Certified Professional Study Guide
> Oracle Database 11g New Features (Oracle Press)
> Portable DBA: Oracle (Oracle Press)
> Oracle Database 10g New Features (Oracle Press)
> Oracle9i RMAN Backup and Recovery (Oracle Press)
> Oracle9i New Features (Oracle Press)
> Other various titles out of print now...
> Blog: http://robertgfreeman.blogspot.com
> The LDS Church is looking for DBA's. You do have to be a Church member in
> good standing. A lot of kind people write me, concerned I may be breaking
> the law by saying you have to be a Church member. It's legal I promise! :-)