RE: How do you feel about allowing non-DBA's on your database servers?

From: Johnson, George <George.Johnson_at_gam.com>
Date: Tue, 28 Jul 2009 11:57:07 +0100
Message-ID: <A4AF649BCC498F47B854200B42DEC119056A6089_at_MSAS-LDN90P.global.gam.com>



When you make a decision, make sure you and your position on the matter are written down. Then there can be no disagreement or ambiguity later on about what was agreed to. Be very, very careful about setting a bad precedent: nothing like fighting for the next 9 months with obstinate users when you mistakenly agreed to something; always easier to simply say NO. If you let Fred have it today, then his mate wants it next week, then Harry and his whole kick up a fuss to get it the following month!

You need to consider getting management on your side, even if you employ a little bit of BS. Security breaches and data loss are big in the media right now; suggest to management that it wouldn't be good press to have the company name dragged through the mud due to a very silly data breach because someone was given unnecessary privs, copied data and lost a USB stick or laptop in a cab. Get your company compliance department on your side; the threat of court action due to regulatory breaches always gets our compliance dept on our side whenever we have a silly fight on our hands with development or external dealings. Do you have an appointed security officer you can get on your side to help you cement any position you take?

I hate "the game", all that political BS gets up my nose and gets in the way of the job, but when it comes to dealing with something you have to protect as part of your job and if it goes wrong you will carry the can, then you need to play "the game" a little bit or at least understand the rules, so you can get others to play "the game" for you.    


From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Robert Freeman
Sent: 27 July 2009 16:31
To: Oracle L
Subject: How do you feel about allowing non-DBA's on your database servers?

So, I've got a client that is being pressured by development and support types to allow access to their database servers. They claim that it's so they can use tools like ps, sar, topas, etc.... to monitor performance and deal with support issues.

My position is that this is a huge risk and that I would want a very limited population of users (read DBA's and SYSADMIN's only) to have access to these servers.

Anyone have an opinion on this?

RF  

Robert G. Freeman
Oracle ACE
Author:
Oracle Database 11g RMAN Backup and Recovery (Oracle Press) - ON ITS WAY SOON!
OCP: Oracle Database 11g Administrator Certified Professional Study Guide (Sybex)
Oracle Database 11g New Features (Oracle Press)
Portable DBA: Oracle (Oracle Press)
Oracle Database 10g New Features (Oracle Press)
Oracle9i RMAN Backup and Recovery (Oracle Press)
Oracle9i New Features (Oracle Press)
Other various titles out of print now...
Blog: http://robertgfreeman.blogspot.com
The LDS Church is looking for DBA's. You do have to be a Church member in good standing. A lot of kind people write me, concerned I may be breaking the law by saying you have to be a Church member. It's legal I promise! :-)
http://pages.sssnet.com/messndal/church/parachurch.pdf

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Jul 28 2009 - 05:57:07 CDT
