RE: How do you feel about allowing non-DBA's on your database servers?

  • From: "Johnson, George" <George.Johnson@xxxxxxx>
  • To: <robertgfreeman@xxxxxxxxx>, "Oracle L" <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 28 Jul 2009 11:57:07 +0100

When you make a decision, make sure you and your position on the matter
are written down. Then there can be no disagreement or ambiguity later
on about what was agreed to. Be very, very careful about setting a bad
precedent, nothing like fighting for the next 9 months with obstinate
users, when you mistakenly agreed to something, always easier to simply
say NO. If you let Fred have it today, then his mate wants it next week,
then Harry and his whole   kick up a fuss to get it the following month!
 
You need to consider getting management on your side, even if you employ
a little bit of BS. Security breaches and data loss are big in the media
right now, suggest to management that it wouldn't be good press to have
the company name dragged through the mud due to a very silly data breach
because someone was given unnecessary privs, copied data and lost a USB
stick or laptop in a cab. Get your company compliance department on your
side, the threat of court action due to regulatory breaches always gets
our compliance dept on our side whenever we have a silly fight on our
hands with development or external dealings. Do you have an appointed
security officer you can get on your side to help you cement any
position you take?
 
I hate "the game", all that political BS gets up my nose and gets in the
way of the job, but when it comes to dealing with something you have to
protect as part of your job and if it goes wrong you will carry the can,
then you need to play "the game" a little bit or at least understand the
rules, so you can get others to play "the game" for you.
 
 
________________________________

From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Robert Freeman
Sent: 27 July 2009 16:31
To: Oracle L
Subject: How do you feel about allowing non-DBA's on your database
servers?


So, I've got a client that is being pressured by development and support
types to allow access to their database servers. They claim that it's so
they can use tools like ps, sar, topas, etc.... to monitor performance
and deal with support issues.

My position is that this is a huge risk and that I would want a very
limited population of users (read DBA's and SYSADMIN's only) to have
access to these servers.

Anyone have an opinion on this?

RF


 
Robert G. Freeman
Oracle ACE
Author:
Oracle Database 11g RMAN Backup and Recovery (Oracle Press) - ON ITS WAY SOON!
OCP: Oracle Database 11g Administrator Certified Professional Study Guide (Sybex)
Oracle Database 11g New Features (Oracle Press)
Portable DBA: Oracle (Oracle Press)
Oracle Database 10g New Features (Oracle Press)
Oracle9i RMAN Backup and Recovery (Oracle Press)
Oracle9i New Features (Oracle Press)
Other various titles out of print now...
Blog: http://robertgfreeman.blogspot.com 
The LDS Church is looking for DBA's. You do have to be a Church member
in good standing. A lot of kind people write me, concerned I may be
breaking the law by saying you have to be a Church member. It's legal I
promise! :-)
http://pages.sssnet.com/messndal/church/parachurch.pdf
 