OT - SarBox paranoia prevention ?

  • From: Chip Briggs <chip.briggs@xxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Sat, 19 Feb 2005 13:21:03 -0700

Earlier this week, SarBox auditors wanted proof that DBA's
could not change database stored procedures (which would
prevent DBA's from applying vendor patches for vendor
supplied stored procedures). Also presents a problem since
DBA's managed stored procedure configuration.  SarBox
auditors do not like DBA privileged access to application data.
Looks like these auditors do not trust anyone and want duties
segregated so no single person has the ability to cook any
books (complete prevention for Enron repeat).

Any ideas how to prevent execution of non-production code
against production data, whether the data resides in a
database or operating system files (unix and windows) ?

Have Fun :)

Other related posts: