Re: How do you feel about allowing non-DBA's on your database servers?

From: Subodh Deshpande <subodh_deshpande_at_yahoo.com>
Date: Tue, 28 Jul 2009 02:41:20 -0700 (PDT)
Message-ID: <394957.6965.qm_at_web31105.mail.mud.yahoo.com>

yes its huge risk and there is no recylcle bin like windows on UNIX based platforms.
Only dba's and sysadmin should be allowed to access OS and Databases.�
May I suggest you, how about if you and or your client think about followings
In many environments the role of sysadmin and DBAs is purposely kept�separate for additional security and ease of work
DBA's only�have DBA related access privs granted and 
sysadmin do OS realted jobs. 
If at all DBA requires�root access(requires only when os patching or new product installation), OS patch applications,�information about ports, disks, mount points and other devices,�DBA can obtain this information from sysadmin or can get it done by communicating sysadmin.�OR by�creating pseudo root DBA can still�do some of these tasks.

thanks and take care..subodh

________________________________
From: Robert Freeman <robertgfreeman_at_yahoo.com>
To: Oracle L <oracle-l_at_freelists.org>
Sent: Monday, 27 July, 2009 21:01:14
Subject: How do you feel about allowing non-DBA's on your database servers?


So, I've got a client that is being pressured by development and support types to allow access to their database servers. They claim that it's so they can use tools like ps, sar, topas, etc.... to monitor performance and deal with support issues.

My position is that this is a huge risk and that I would want an very limited population of users (read DBA's and SYSADMIN's only) to have access to these servers.

Anyone have an opinion on this?

RF


Robert G. Freeman
Oracle ACE
Author:
Oracle Database 11g RMAN Backup and Recovery (Oracle Press) - ON IT'S WAY SOON!
OCP: Oracle Database 11g Administrator Certified Professional Study Guide (Sybex)
Oracle Database 11g New Features (Oracle Press)
Portable DBA: Oracle (Oracle Press)
Oracle Database 10g New Features (Oracle Press)
Oracle9i RMAN Backup and Recovery (Oracle Press)
Oracle9i New Features (Oracle Press)
Other various titles out of print now...
Blog: http://robertgfreeman.blogspot.com 
The LDS Church is looking for DBA's. You do have to be a Church member in
good standing. A lot of kind people write me, concerned I may be breaking
the law by saying you have to be a Church member. It's legal I promise! :-)
http://pages.sssnet.com/messndal/church/parachurch.pdf

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Jul 28 2009 - 04:41:20 CDT

This message: [ Message body ]
Next message: Nuno Souto: "Re: How do you feel about allowing non-DBA's on your database servers?"
Previous message: Jared Still: "Re: ** high water mark for small tables"
In reply to: Robert Freeman: "How do you feel about allowing non-DBA's on your database servers?"
Next in thread: Nuno Souto: "Re: How do you feel about allowing non-DBA's on your database servers?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message