Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: How to keep "root" out?

Re: How to keep "root" out?

From: Jonathan Gennick <>
Date: Thu, 28 Aug 2003 08:49:28 -0800
Message-ID: <>

Thursday, August 28, 2003, 11:34:27 AM, Walter wrote:

WK> We have a couple people in our Unix admin group that feel the need to "help" by
WK> writing their own DB monitoring scripts. Of course, they don't know what they're
WK> talking about.

Why, the dasterdly do-gooders! How dare they!<grin>

You know, one approach, and some might see this as heretical, is to simply give them a "safer" login that lets them query the V$ views. I'd probably let a sys admin look at those if he/she really wanted to, though I've been fortunate to always work with admins I trust not to go off the deep end and actually change anything without talking to me first.

I've given developers access to V$ views on development and test instances. That never caused me any problems or grief.

So you give your sys admins access, and you make it very clear that *you* are the DBA, and that if they find something significant, they should come to you about it; they should not make changes themselves. A good sys admin ought to understand that. After all, they are in much the same boat. They don't want you mucking about too much with the o/s.

I wouldn't try to fight this battle by attempting to lock them out of your database in a technical manner, such as via a password protection. After all, they are the sys admins, and they can pretty much do anything. I'd approach this as a management issue. It is a management issue. Go to your management and point out that *you* are the DBA, that *you* have bottom-line responsibility for the databases, and make a case that your sys admins are abusing their privileges, and thereby compromising your ability to maintain a stable database environment. A good manager will understand that.

But first I'd try to work with my sys admin in a more friendly manner. If he just wants to monitor, and is willing to commit to not making a *change*, then why not let him have at it? He might learn something about Oracle and become a useful ally. Or he might lose interest after awhile.

Best regards,

Jonathan Gennick --- Brighten the corner where you are * 906.387.1698 *

Join the Oracle-article list and receive one article on Oracle technologies per month by email. To join, visit, or send email to and include the word "subscribe" in either the subject or body.


Please see the official ORACLE-L FAQ:

Author: Jonathan Gennick

Fat City Network Services    -- 858-538-5051
San Diego, California        -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message to: (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Thu Aug 28 2003 - 11:49:28 CDT

Original text of this message