Re: Windows DB best practices
- From: "Niall Litchfield" <niall.litchfield@xxxxxxxxx>
- To: andert@xxxxxxxxx
- Date: Wed, 11 Apr 2007 19:14:37 +0100
Hi Stephen,
In terms of security, what I recommend is the following - which assumes a
single windows domain rather than workgroup or standalone server.
First create a global group (called DB Admins or similar). Assign membership
of this group to the personal accounts of your DBAs (and no-one else - there
should be no anonymous accounts in this group).
Next on each local machine make the global group a member of the local
"administrators" security group. This will enable the designated dba to
install Oracle. After the install is complete you should make the domain
group a member of the local ORA_DBA security group created by the install,
and optionally remove it from the local administrators group.
This gets you:
1. accountability - since everyone uses their own account.
2. groups used for the right things - local groups for access to
resources, global groups for privileges for users.
I second the recommendation to make sure that you have a dedicated server
for production oracle databases, but don't see that as a windows specific
thing. I've also never worked anywhere that sys admins didn't share that
view.
On 4/10/07, Stephen Andert <andert@xxxxxxxxx> wrote:
Yes, I know the first one is "use *nix" but I am tired of fighting
about it and my boss made the decision.
The main question I have is whether to create an oracle-specific
account or just use an administrator account. Also, any links to
Windows best practices would be great.
--
Stephen
http://andertfamily.net/racing_reports.aspx
Any idiot can run.
It takes a special kind of idiot to run a marathon.
--
//www.freelists.org/webpage/oracle-l
--
Niall Litchfield
Oracle DBA
http://www.orawin.info
Other related posts:
