Re: distinct user account for security

I agree with one possible exception.

First, you need to define the granularity of DBA work. Many 'DBA' functions are routine and may performed by application users; particularly in a dev environment. Sometimes you may determine you need to break up the 'DBA' function into multiple responsibilities so while SYSTEM should be used for some work ... you might not want to give that level of control to others that don't need it.

Second, auditing is not necessarily degrade performance noticeably. It depends on the application and its environment. I'd be inclined to test for possible degradation rather than just assume it will happen. (of course there is some but it may well not be noticeable).

Daniel Morgan

Niall Litchfield wrote:

> This is my take.
>
> 1. Use the system account for DBA work.
> 2. Document and record all changes in you change management system.
>
> In order to track who does what you need to enable auditing which will
> degrade the performance of your database.
> Proper documentation and also spooling script output etc enables you to see
> not only what was done but what happened when you did it.
>
> --
> Niall Litchfield
> Oracle DBA
> Audit Commission UK
> *****************************************
> Please include version and platform
> and SQL where applicable
> It makes life easier and increases the
> likelihood of a good answer
>
> ******************************************
> "Fleury Marcel" <marcel.fleury_at_bluewin.ch> wrote in message
> news:f18358b2.0201170615.72ad6a58_at_posting.google.com...
> > Hello all,
> > Our dba's users use the default Oracle account to do her job.
> > Is it a good idea to create their own Oracle user account with the
> > same privilege as SYSTEM for exemple ?
> > The goal is to track who do what.
> > Your opinions or comments ?
> >
> > Thank you
> >
> > Marcel
Received on Thu Jan 17 2002 - 08:19:53 CST