RE: Are you angry DBA?
- From: "Marquez, Chris" <cmarquez@xxxxxxxxxxxxxxxx>
- To: <Rich.Jesse@xxxxxxxxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
- Date: Mon, 29 Aug 2005 12:18:37 -0400
Rich,
>>say that it's not the DBA's job to enforce rules
>> and restrictions is a lack of accountability
Let me clarify.
It is NOT my database to "force" rules and restrictions, but I must *ENFORCE*
existing rules and restrictions, yes.
I see to many DBA's that don't do allow anything because they *personally*
don't like it, but might not be the way of the business...if the business
accepts the risk then I should not be and Angry DBA.
*We* had a rule at one shop, "the DBA's never changes passwords or data".
Management demanded this and I ENFORCEd it for years. In other shops anyone
can tell me change passwords at anytime...personally a bad idea, but the way of
the business.
>>So if your devs want the DBA role in your production DBs, you give it to
>>them???
Of course not, No!
*HOWEVER* if management wants developers to have DBA role in production I have
no problem...unless the screw things up daily, then I will go look for a new
job where were developers do not have DBA role in production.
It is also as part of my responsible as a DBA to explain to everyone the
consequences of such and action, but if they insist so be it. I will just work
harder on be backup and recovery skills.
Often it is never this cut an dry; "DBA role in prod to developers"...and sadly
we DBA's must split hairs and show management often how rules and restrictions
are regularly contradicted and impossible to ENFORCE (as in you own case).
Like when NO developers have DBA role but they all have "DROP ANY TABLE" for
example.
hth
Chris Marquez
Oracle DBA
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx on behalf of Jesse, Rich
Sent: Mon 8/29/2005 11:51 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: Are you angry DBA?
So if your devs want the DBA role in your production DBs, you give it to
them???
If devs hurt the production DB bad enough, I have to fix it thru DB
recovery. How then is it not the my job to force rules and
restrictions? Granted, there is some leeway of grandfathered
schemas/objects/code, but that comes from a lack of ROI (e.g. to remove
a "potentially dangerous" priv from a schema like "DELETE ANY TABLE",
there's no way I can ask the department to spend 6 months rewriting apps
while our backlog grows for no discernable benefit to the company). But
to blanketly say that it's not the DBA's job to enforce rules and
restrictions is a lack of accountability at best.
My $.02,
Rich
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Marquez, Chris
Sent: Monday, August 29, 2005 10:28 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: Are you angry DBA?
[snip]
It is my database to support, backup, and make available and
avoid personal mistakes while doing so.
It is NOT my database to force rules and restrictions.
It is NOT my database to block all bad code from and stop all
data loss from.
People *will* "hurt" the database...I just need to be ready to
fix what is within my control.
Anybody feel differently?
Chris Marquez
Oracle DBA
Other related posts:
