Re: How do you feel about allowing non-DBA's on your database servers?

• From: Subodh Deshpande <subodh_deshpande@xxxxxxxxx>
• To: robertgfreeman@xxxxxxxxx, Oracle L <oracle-l@xxxxxxxxxxxxx>
• Date: Tue, 28 Jul 2009 02:41:20 -0700 (PDT)

yes its huge risk and there is no recylcle bin like windows on UNIX based 
platforms.
Only dba's and sysadmin should be allowed to access OS and Databases. 
May I suggest you, how about if you and or your client think about followings
In many environments the role of sysadmin and DBAs is purposely kept separate 
for additional security and ease of work
DBA's only have DBA related access privs granted and 
sysadmin do OS realted jobs. 
If at all DBA requires root access(requires only when os patching or new 
product installation), OS patch applications, information about ports, disks, 
mount points and other devices, DBA can obtain this information from sysadmin 
or can get it done by communicating sysadmin. OR by creating pseudo root DBA 
can still do some of these tasks.

thanks and take care..subodh

________________________________
From: Robert Freeman <robertgfreeman@xxxxxxxxx>
To: Oracle L <oracle-l@xxxxxxxxxxxxx>
Sent: Monday, 27 July, 2009 21:01:14
Subject: How do you feel about allowing non-DBA's on your database servers?


So, I've got a client that is being pressured by development and support types 
to allow access to their database servers. They claim that it's so they can use 
tools like ps, sar, topas, etc.... to monitor performance and deal with support 
issues.

My position is that this is a huge risk and that I would want an very limited 
population of users (read DBA's and SYSADMIN's only) to have access to these 
servers.

Anyone have an opinion on this?

RF


Robert G. Freeman
Oracle ACE
Author:
Oracle Database 11g RMAN Backup and Recovery (Oracle Press) - ON IT'S WAY SOON!
OCP: Oracle Database 11g Administrator Certified Professional Study Guide 
(Sybex)
Oracle Database 11g New Features (Oracle Press)
Portable DBA: Oracle (Oracle Press)
Oracle Database 10g New Features (Oracle Press)
Oracle9i RMAN Backup and Recovery (Oracle Press)
Oracle9i New Features (Oracle Press)
Other various titles out of print now...
Blog: http://robertgfreeman.blogspot.com 
The LDS Church is looking for DBA's. You do have to be a Church member in
good standing. A lot of kind people write me, concerned I may be breaking
the law by saying you have to be a Church member. It's legal I promise! :-)
http://pages.sssnet.com/messndal/church/parachurch.pdf 


      

• References:
  • Downgrading to Standard Edition
    • From: Schauss, R. Peter (IT Solutions)
  • Re: Downgrading to Standard Edition
    • From: Mathias Magnusson
  • How do you feel about allowing non-DBA's on your database servers?
    • From: Robert Freeman

Other related posts:

• » How do you feel about allowing non-DBA's on your database servers?- Robert Freeman
• » RE: How do you feel about allowing non-DBA's on your database servers?- SHEEHAN, JEREMY
• » Re: How do you feel about allowing non-DBA's on your database servers?- Andrew Kerber
• » Re: How do you feel about allowing non-DBA's on your database servers?- Janine Sisk
• » RE: How do you feel about allowing non-DBA's on your database servers?- Zelli, Brian
• » RE: How do you feel about allowing non-DBA's on your database servers?- Clarke, Andrew
• » Re: How do you feel about allowing non-DBA's on your database servers?- David Barbour
• » Re: How do you feel about allowing non-DBA's on your database servers?- Joey D'Antoni
• » RE: How do you feel about allowing non-DBA's on your database servers?- Roberts, David (GSD - UK)
• » RE: How do you feel about allowing non-DBA's on your database servers?- Michael . Coll-Barth
• » Re: How do you feel about allowing non-DBA's on your database servers?- Michael Moore
• » RE: How do you feel about allowing non-DBA's on your database servers?- Joel.Patterson
• » Re: How do you feel about allowing non-DBA's on your database servers?- Rich Jesse
• » Re: How do you feel about allowing non-DBA's on your database servers?- Martin Berger
• » Re: How do you feel about allowing non-DBA's on your database servers?- dave
• » Re: How do you feel about allowing non-DBA's on your database servers?- Michael Moore
• » Re: How do you feel about allowing non-DBA's on your database servers?- Jonathan Intner
• » Re: How do you feel about allowing non-DBA's on your database servers? - Subodh Deshpande
• » Re: How do you feel about allowing non-DBA's on your database servers?- Nuno Souto
• » RE: How do you feel about allowing non-DBA's on your database servers?- Johnson, George
• » RE: How do you feel about allowing non-DBA's on your database servers?- Michael . Coll-Barth
• » Re: How do you feel about allowing non-DBA's on your database servers?- Subodh Deshpande
• » Re: How do you feel about allowing non-DBA's on your database servers?- Jared Still
• » Re: How do you feel about allowing non-DBA's on your database servers?- Rich Jesse
• » Re: How do you feel about allowing non-DBA's on your database servers?- Jared Still
• » Re: How do you feel about allowing non-DBA's on your database servers?- Niall Litchfield
• » Re: How do you feel about allowing non-DBA's on your database servers?- Tony van Lingen
• » Re: How do you feel about allowing non-DBA's on your database servers?- Jonathan Intner

1. Home
2. oracle-l
3. Archive
4. 07-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---