Re: Need DBA advices on creating a new user, application level or DBA level?

From: wildpony <z1wildpony_at_hotmail.com>
Date: 2000/08/03
Message-ID: <39897513.FC24ACCA_at_hotmail.com>#1/1


Have the stored procedure keep track and write out to a file the NT/Unix user's id that created any new users or modified a user's account, so your DBA can keep track of this... It works for me. As a DBA I do not always have time for people to be tracking me down to create new users... and the user that is creating new users should only have the exact access they need and no more.

"C. Ferguson" wrote:

> Hi,
> Have your dba create the stored procedure that will create a new user.
> If any db changes occur in the future,
> the modifications have now been isolated to this stored procedure.
>
> He has a good point though, in that anyone who knows the password to the
> projecta_owner can perform this task.
> Think about security for this issue.
>
> hth,
> cindy
>
> Jimmy wrote:
>
> > Hello all,
> >
> > Recently, my company wants to develop an application. One of the
> > functions of the application is it can create a new user. This function
> > can only be done by a project owner, such as PROJECTA_OWNER.
> > PROJECTA_OWNER is not a DBA, he is just a project owner with some system
> > privileges (such as create user).
> >
> > However, my company's DBA strongly disagrees with this function. He said
> > that creating a new user should be done by the DBA, not on the application
> > level. This is because using a client application to create a user may
> > bypass his vision; as a result, he doesn't know why such a user exists
> > after the application is running (since anyone who knows the
> > PROJECTA_OWNER password can create a new user). He thinks that it is more
> > difficult to manage the user accounts in the future.
> >
> > Now, I have some questions:
> >
> > 1) What do you think of the above scenario? Should user creation be done by
> > the DBA, or done on the application level? Any other disadvantages if done on
> > the application level?
> >
> > 2) I know that if done on the application level, PROJECTA_OWNER needs to
> > alter some user parameters (e.g. default and temporary tablespace etc).
> > However, such parameters may need to be hardcoded. This is not a good
> > practice since we need to recompile the program if the tablespace name
> > is changed to another name. Are there other ways to handle such a
> > situation? (I think using a PL/SQL procedure to create a new user, and
> > the application is calling this procedure. This procedure is written by
> > the DBA. In this way, the DBA can change this procedure without affecting the
> > application. Am I right?)
> >
> > Any suggestions?
> >
> > Thanks,
> > David
Received on Thu Aug 03 2000 - 00:00:00 CEST
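
The approach discussed in this thread, sketched as an added example that is not code from any of the posters: a DBA-owned procedure creates the user, reads tablespace names from a table instead of hardcoding them, and records the calling OS and database account. Assumptions: the schema name USER_ADMIN, both table names and the procedure name are hypothetical, the audit trail goes to a table rather than the file mentioned above, and the release ships DBMS_ASSERT.

```sql
-- Added example. Connect as a DBA-owned schema (hypothetical name USER_ADMIN) that holds
-- CREATE USER, and CREATE SESSION WITH ADMIN OPTION, granted directly rather than via a role.
CREATE TABLE provision_config (
  param_name  VARCHAR2(30) PRIMARY KEY,   -- 'DEFAULT_TS' or 'TEMP_TS'
  param_value VARCHAR2(30) NOT NULL       -- tablespace name, maintained by the DBA
);
CREATE TABLE provision_audit (
  logged_at   DATE DEFAULT SYSDATE,
  os_user     VARCHAR2(255),              -- NT/Unix account of the client session
  db_user     VARCHAR2(30),               -- database login that called the procedure
  action      VARCHAR2(30),
  target_user VARCHAR2(30)
);

CREATE OR REPLACE PROCEDURE create_app_user (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
) AUTHID DEFINER AS
  v_user    VARCHAR2(30);
  v_default VARCHAR2(30);
  v_temp    VARCHAR2(30);
BEGIN
  -- Accept only a plain identifier, so caller input cannot alter the DDL text.
  v_user := DBMS_ASSERT.SIMPLE_SQL_NAME(p_username);
  IF p_password IS NULL OR INSTR(p_password, '"') > 0 THEN
    RAISE_APPLICATION_ERROR(-20001, 'password is empty or contains a double quote');
  END IF;
  -- Tablespace names come from the config table, so a rename needs no recompile
  -- of the application; they are validated the same way as the user name.
  SELECT param_value INTO v_default FROM provision_config WHERE param_name = 'DEFAULT_TS';
  SELECT param_value INTO v_temp    FROM provision_config WHERE param_name = 'TEMP_TS';
  v_default := DBMS_ASSERT.SIMPLE_SQL_NAME(v_default);
  v_temp    := DBMS_ASSERT.SIMPLE_SQL_NAME(v_temp);

  EXECUTE IMMEDIATE 'CREATE USER ' || v_user || ' IDENTIFIED BY "' || p_password || '"'
    || ' DEFAULT TABLESPACE ' || v_default || ' TEMPORARY TABLESPACE ' || v_temp;
  EXECUTE IMMEDIATE 'GRANT CREATE SESSION TO ' || v_user;

  -- SESSION_USER is the caller's login; inside a definer-rights procedure
  -- CURRENT_USER would report the procedure owner instead.
  INSERT INTO provision_audit (os_user, db_user, action, target_user)
  VALUES (SYS_CONTEXT('USERENV', 'OS_USER'), SYS_CONTEXT('USERENV', 'SESSION_USER'),
          'CREATE USER', v_user);
  COMMIT;
END;
/
-- The project owner gets EXECUTE only and no longer needs CREATE USER itself.
GRANT EXECUTE ON create_app_user TO projecta_owner;
```

The audit row identifies which OS account was behind a shared PROJECTA_OWNER login, which is the visibility the DBA in the original question was concerned about losing.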
