Great to have you back, Lisa. Sounds like you did a great job on that document. Nothing works quite as well as facts. Also this is a great way to get the heat off of the DBA for saying "no" and deflect the responsibility for policy decisions to the business, where it belongs. I think that many DBAs do just stand there and say 'NO NO NO', and it gets us a reputation as obstructionists with developers and others. Now, who's that trip-trapping over my database? Regards, Jeremiah Wilton ORA-600 Consulting http://www.ora-600.net Koivu, Lisa wrote: > Aahh, the age old war, granting DBA privileges? I am in it > again up to my eyeballs. Instead of standing there and saying > NO, NO, NO, I took the time to pull apart the DBA role and > document in detail what a majority of the roles and system > privileges allow a database user to do within the database and > how some of these privileges are a direct violation of Sarbanes- > Oxley. This document is not perfect, but it?s enough to make > management stop and say, Wait, we can?t allow DBA privileges to > be granted to individuals outside of an administrative role. I > had the document blessed by our security officer. ... -- //www.freelists.org/webpage/oracle-l