Re: Question To Test My Sanity
Date: Thu, 11 Apr 2019 09:23:24 -0400
Message-ID: <CAN6wuX0B=wQBFoKRe2znfh5hvxr3P-rZFDPBbdmF84bRFkg1Nw_at_mail.gmail.com>
"Hey, Kellyn answered on two threads today!" :)
Having worked on both sides of the house, as a SQL DBA and an Oracle DBA,
the one thing I learned was that server admins on the Linux/Unix side
rarely thought they were DBAs. Windows admins very often thought they
could do a SQL Server DBAs job because they could run the install...:) The
best administrators, no matter server, database or application, have some
control issues. They need to for security reasons to ensure the
environment they are responsible for is taken care of. These control
issues can get a bit out of control and that's what you're experiencing
here.
*Kellyn Pot'Vin-Gorman*
On Thu, Apr 11, 2019 at 8:07 AM Scott Canaan <srcdco_at_rit.edu> wrote:
> This is not so much of a technical question, but more of a procedural
Jump box designs leads to DBAs working through critical issues on a host
that is not as familiar to them as their own workstation and tools. It
leads to human error and in my experience, leads to more critical outages
and longer outages. Having the right balance of security and letting
people be the best they can at their job is not something we in IT prevail
at very often. Egos and control issues just get in the way.
The best way to address this is to have an open conversation, not about
what they aren't letting you do, but to have management in the room, and
maybe even the business and discuss the risks around not having access to
the server- lacking ability to respond immediately to issues, missing
tools that provide more insight and how Oracle support is best when the DBA
is able to manage their database over a Windows admin. How many Windows
server admins would have no problem deleting a very large log from a
server- like one called redo02.log, etc? We don't expect them to be DBAs,
but they need to respect that our role is needed for a reason.
DBAKevlar Blog <http://dbakevlar.com>
President Denver SQL Server User Group <http://denversql.org/>
about.me/dbakevlar
> question.
>
>
>
> Here’s the back story. Yesterday, we were told by the Windows Sys Admins
> that they’ve decided that we (DBAs) are no longer allowed to access
> databases running on Windows servers directly from our PCs. We now have to
> remote into another server, called dbatools, and only from there can we
> directly access databases. They’ve loaded our tools (TOAD, PL/SQL
> Developer, SQL Server Management Studio, etc.) on that server and are in
> the process of removing our IP addresses from the firewalls on the Windows
> servers, forcing us to use this one server for all of our access.
>
>
>
> When I asked why, the only answer I got was “security”. What I read into
> that is “We don’t trust you”. This is being done without any input from us
> or any discussion, it’s just happening.
>
>
>
> The question: Has anyone else run into this kind of setup? Is this a
> common configuration?
>
>
>
> Thank you,
>
>
>
> *Scott Canaan ‘88*
>
> *Sr Database Administrator *Information & Technology Services
> Finance & Administration
>
>
> *Rochester Institute of Technology *o: (585) 475-7886 | f: (585) 475-7520
>
> *srcdco_at_rit.edu <srcdco_at_rit.edu>* | c: (585) 339-8659
>
> *CONFIDENTIALITY NOTE*: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other than
> the intended recipient is prohibited. If you received this in error, please
> contact the sender and destroy any copies of this information.
>
>
>
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Apr 11 2019 - 15:23:24 CEST