RE: Database Owner Question (O/S)

From: Scott Canaan <srcdco_at_rit.edu>
Date: Mon, 05 Oct 2015 12:57:24 +0000
Message-id: <3653B77DCF6DDA4ABAD1E9416F1876D75864AE4E_at_ex03mail01.ad.rit.edu>

Niall,

These are all good questions and I’ll answer them as best as I can.

One of our sys admins is always right, no matter what anyone else thinks and once he gets an idea in his head, that’s the way it will be (even if his boss says no).
According to the above mentioned sys admin, security. Once that word is used, then everyone gets nervous and says that we have to do it because it’s more secure, even if it doesn’t make any difference.
Storage is a SAN and its owned by the systems team. We ask for an amount of disk and it’s supplied, with no information as to volumes or RAID type or anything.
Typically one database per server, with only a couple of exceptions.
The DBA team, which consists of two of us. We will have the same access to all databases, which is why I question the need.

Scott Canaan ’88 (srcdco_at_rit.edu<mailto:srcdco_at_rit.edu>)

(585) 475-7886 – work                (585) 339-8659 – cell

“Life is like a sewer, what you get out of it depends on what you put into it.” – Tom Lehrer

From: Niall Litchfield [mailto:niall.litchfield_at_gmail.com] Sent: Friday, October 02, 2015 9:22 AM
To: Scott Canaan
Cc: oracle-l_at_freelists.org
Subject: Re: Database Owner Question (O/S)

It is indeed both possible and supported https://docs.oracle.com/database/121/LTDQI/toc.htm#BHCBCFDI . I'd be interested however in the answers to

How is it that the O/S team decide which accounts run databases?
What is the underlying reason?
What is your storage for databases and who owns that?
How many databases do you have per server?
Who will manage the databases? Separation of duties can indeed be a real business requirement - often though it is pushed on teams that in fact don't separate duties so you get

DB1

dba                   = dba1
osowner            = db1
inventory           = oinstall
asm                  = asmadmin

DB2

dba                   = dba2
osowner            = db2
inventory           = oinstall
asm                  = asmadmin

and then you get every single actual dba account (scott/niall etc etc) being a member of dba1,dba2,db1,db2,oinstall,asmadmin :)

As Joe points out you also need at least 2xn sets of ORACLE_HOME storage where n is the number of databases.

On Thu, Oct 1, 2015 at 4:37 PM, Scott Canaan <srcdco_at_rit.edu<mailto:srcdco_at_rit.edu>> wrote: We always install Oracle and create the databases under the O/S user oracle in Linux. Our SA has decided that each database should be running under its own user, not oracle. Apparently, this is possible. My questions are: Is anyone doing this? Is it even supported? It seems to me that it would be a nightmare keeping track of the different users that each database is running under.

Scott Canaan ’88 (srcdco_at_rit.edu<mailto:srcdco_at_rit.edu>)

(585) 475-7886<tel:%28585%29%20475-7886> – work                (585) 339-8659<tel:%28585%29%20339-8659> – cell

“Life is like a sewer, what you get out of it depends on what you put into it.” – Tom Lehrer

--
Niall Litchfield
Oracle DBA
http://www.orawin.info

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Oct 05 2015 - 14:57:24 CEST

This message: [ Message body ]
Next message: Tom Dale: "Re: database using more memory than allocated"
Previous message: Chitale, Hemant K: "Any "free / open source" PLSQL scripts for Data Masking"
Maybe in reply to: Scott Canaan: "Database Owner Question (O/S)"
Next in thread: Michael McMullen: "RE: Database Owner Question (O/S)"
Reply: Michael McMullen: "RE: Database Owner Question (O/S)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message