Re: Need DBA advices on creating a new user, application level or DBA level?

On Wed, 02 Aug 2000 22:37:01 -0700, Jimmy <anonymous_at_anonymous.com> wrote:

>Hello all,
>
> Recently, my company wants to develop an application. One of the
>functions of the application is it can create a new user. This function
>can only be done by a project owner, such as PROJECTA_OWNER.
>PROJECTA_OWNER is not a DBA, he is just a project owner with some system
>privileges (such as create user).
>
> However, my company's DBA strongly disagree this function. He said
>that creating a new user should be done by DBA, not on application
>level. This is because using a client application to create a user may
>bypass his vision, as a result, he don't know why such a user exist
>after the application is running (since anyone who knows the
>PROJECTA_OWNER password can create a new user). He think that it is more
>difficult to manage the user accounts in the future.

Spot the DBA's trying to make sure they don't go out of business! :-)

It is safe to allow the application to do this so long as

1. The exact permissions and defaults for the users created are known (e.g. documented in the manual)
2. These permissions are not considered excessive.

For instance, an app that we write provides user creation, but also has the option of turning this off and allowing the DBA to do it in the background. Kind of the best of both worlds.

Any DBA who says "No, only I should do that" has too much time on their hands :-) (I'll get flamed for that)

Ciao
Fuzzy
;-) Received on Thu Aug 03 2000 - 00:00:00 CEST