Re: DBA's as idiots
- From: Nuno Souto <dbvision@xxxxxxxxxxxx>
- Date: Tue, 03 Jun 2008 09:04:10 +1000
Andrew Kerber wrote,on my timestamp of 3/06/2008 6:49 AM:
have often been tempted.... Though in these days of Sarbanes-Oxley, I could definitely see it happening more often. I would rather explain why privileges were revoked today, than explain to an accountant 6 months down the road why the privileges were granted in the first place.
Oh, I do it all the time. The E&Y auditors here just do not like excessive access rights granted to anyone. They get real upset if they find stray dba or owner rights in our dbs (translate to sysadmin in SQL Server). After the last audit I was told very clearly to remove any access rights, dba or otherwise, that have not been formally approved. Not a biggie with the Oracle dbs, I "cleansed" them long ago. But it's been a lot of fun with the SQL Server side of the world: most 3rd-party apps break if not run as sysadmin or dbo and their support guys just don't get it when someone demands they get real with security! :)
-- Cheers Nuno Souto in foggy Sydney, Australia dbvision@xxxxxxxxxxxx -- http://www.freelists.org/webpage/oracle-l