Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: sysadmin access

Re: sysadmin access

From: Tanel Poder <tanel_at_@peldik.com>
Date: Wed, 2 Jul 2003 02:29:01 +0300
Message-ID: <3f021949$1_1@news.estpak.ee>


I've usually put it this way:

Those and only those who are responsible running a system should have ability to alter it.
You can't really be responsible of any database when you don't know who else might modify it.

It's harder case with Oracle Application's SYSADMIN user. You could offer him System Administrator responsibility instead SYSADMINs password, then at least it will be seen who has made any changes in case of problems. Or even better, if your director requests the access because (s)he wants to see all your companies financial etc.. data, then offer him other power-user responsibilities for specific modules, then at least (s)he can't f*ck up the whole system, only behaviour of few modules or processes.

Generally, with these kinds of issues with high-level bosses you ought to pass your director and go one level higher from him and ask for a (security) policy, stating which type of employees should have which type of access to which type of data. But of course, you could get your ass burned that way as well :\

Tanel.

"scott" <swordss_at_t-com.com> wrote in message news:e13893d8.0307011015.6879a392_at_posting.google.com...
> Our IS director is insisting that he needs sysadmin access to our
> Oracle Applications instance, I however disagree. Is there a good
> rule of thumb for who does and does not need sysadmin privs to the
> DB/Apps? I need some ammo.
>
> thanks,
>
> Scott
Received on Tue Jul 01 2003 - 18:29:01 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US