RE: How do you feel about allowing non-DBA's on your database servers?

• From: "Roberts, David (GSD - UK)" <david.h.roberts@xxxxxxxxxx>
• To: <robertgfreeman@xxxxxxxxx>, "Oracle L" <oracle-l@xxxxxxxxxxxxx>
• Date: Mon, 27 Jul 2009 17:16:04 +0100

I would say that there a 3 Scenarios.

 

Firstly, the historical scenario where for performance reasons, the
application and Database are both implemented on the same server.

 

Here it is unfortunately necessary that developers have access to their
application. However I would also suggest that it would probably be
worth re-architecting to solution so that the database was segregated
from the application, even if the only way to justify it would be to
dangle to possibility of saving on Database license costs. 

 

Secondly, there is the scenario where the DBA does not have root access,
where the sysadmin is required to run root.sh on your behalf etc.

 

In this scenario, it is the ultimate responsibility of the sysadmin to
either grant or deny access, although it is obviously appropriate for
the DBA to advise (against).

 

Finally there is the scenario where the DBA has free access to root.

 

It is of critical importance that duhvelopers are not granted access in
this scenario. I have seen many cases where DBAs have chmoded 777
/usr/local/bin, so they can copy in their scripts without resetting the
permissions afterwards, or writing root crontab setups to flat files to
edit them safely, and then after the new settings have been implemented
not deleting the crontab file backup, so any user can then read the
contents of the old root crontab file!

 

It is a given that the DBA is the expert in Oracle, they are unlikely to
be an expert in all the underlying operating systems on which Oracle is
implemented. In the area of the operating system, the developers are
likely to have knowledge that the DBA lacks, and granting access is
probably going to give the developers substantially more power than was
anticipated or planned.

 

Dave

 



Please help Logica to respect the environment by not printing this email  / 
Pour contribuer comme Logica au respect de l'environnement, merci de ne pas 
imprimer ce mail /  Bitte drucken Sie diese Nachricht nicht aus und helfen Sie 
so Logica dabei, die Umwelt zu schützen /  Por favor ajude a Logica a respeitar 
o ambiente nao imprimindo este correio electronico.



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.

• References:
  • How do you feel about allowing non-DBA's on your database servers?
    • From: Robert Freeman

Other related posts:

• » How do you feel about allowing non-DBA's on your database servers?- Robert Freeman
• » RE: How do you feel about allowing non-DBA's on your database servers?- SHEEHAN, JEREMY
• » Re: How do you feel about allowing non-DBA's on your database servers?- Andrew Kerber
• » Re: How do you feel about allowing non-DBA's on your database servers?- Janine Sisk
• » RE: How do you feel about allowing non-DBA's on your database servers?- Zelli, Brian
• » RE: How do you feel about allowing non-DBA's on your database servers?- Clarke, Andrew
• » Re: How do you feel about allowing non-DBA's on your database servers?- David Barbour
• » Re: How do you feel about allowing non-DBA's on your database servers?- Joey D'Antoni
• » RE: How do you feel about allowing non-DBA's on your database servers? - Roberts, David (GSD - UK)
• » RE: How do you feel about allowing non-DBA's on your database servers?- Michael . Coll-Barth
• » Re: How do you feel about allowing non-DBA's on your database servers?- Michael Moore
• » RE: How do you feel about allowing non-DBA's on your database servers?- Joel.Patterson
• » Re: How do you feel about allowing non-DBA's on your database servers?- Rich Jesse
• » Re: How do you feel about allowing non-DBA's on your database servers?- Martin Berger
• » Re: How do you feel about allowing non-DBA's on your database servers?- dave
• » Re: How do you feel about allowing non-DBA's on your database servers?- Michael Moore
• » Re: How do you feel about allowing non-DBA's on your database servers?- Jonathan Intner
• » Re: How do you feel about allowing non-DBA's on your database servers?- Subodh Deshpande
• » Re: How do you feel about allowing non-DBA's on your database servers?- Nuno Souto
• » RE: How do you feel about allowing non-DBA's on your database servers?- Johnson, George
• » RE: How do you feel about allowing non-DBA's on your database servers?- Michael . Coll-Barth
• » Re: How do you feel about allowing non-DBA's on your database servers?- Subodh Deshpande
• » Re: How do you feel about allowing non-DBA's on your database servers?- Jared Still
• » Re: How do you feel about allowing non-DBA's on your database servers?- Rich Jesse
• » Re: How do you feel about allowing non-DBA's on your database servers?- Jared Still
• » Re: How do you feel about allowing non-DBA's on your database servers?- Niall Litchfield
• » Re: How do you feel about allowing non-DBA's on your database servers?- Tony van Lingen
• » Re: How do you feel about allowing non-DBA's on your database servers?- Jonathan Intner

1. Home
2. oracle-l
3. Archive
4. 07-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---