RE: Pre-Approved database changes
- From: Thomas Day <tday6@xxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Fri, 18 Jun 2004 08:26:17 -0400
For us the following items would be under change control (CC):
- Drop unused columns of a table (how do you know they're unused? If CC
lets the DBAs drop columns that they "think" are unused then evenually they
will drop a column that is used or will be used in a future release - we
add columns now, when we can get them through the CC board, against a known
future need.)
- create user / change password for a user / drop user (for non-schema
users, e.g. employees having an account to use the application) - Not a
chance in the world that the DBA could/would do this. We have a whole,
separate control function/group that does nothing but create and administer
users. You can't have the DBA just creating users because someone asked
them to.
- granting privileges to a user - see point above. Just because a user
thinks that they need a privilege doesn't mean that they're going to get
it. They must justify the need to the control group and, if approved, they
will be granted an existing role. If no existing role meets their need
then a new role must be approved, impleted, and granted (as if that's going
to happen).
- changing system parameters - will any system parameter change require
approval by the change control board? - You bet! It had to be done in the
testing database first. If the change is of a type that would only be
applicable to the production database - because of size, number of users,
specific platform, etc. - then it has to be reversible. If it's an
irreversible change, ie, something goes wrong and the database has to be
recovered or rebuilt, then it's not likely to be approved.
- drop tablespace including contents and datafiles - If you can prove that
the tablespace is unnecessary then you can prove it to the CC board. The
DBA can't just drop it because the DBA "thinks" that it's unnecessary.
"Jacques
Kilchoer" To:
<oracle-l@xxxxxxxxxxxxx>
<Jacques.Kilchoe cc:
<Jared.Still@xxxxxxxxxxx>
r Subject: RE: Pre-Approved
database changes
@quest.com>
Sent by:
oracle-l-bounce
06/17/2004 05:48
PM
Please respond
to oracle-l
How exhaustive does this list need to be?
- Drop unused columns of a table
- Recompile stored PL/SQL
- create user / change password for a user / drop user (for non-schema
users, e.g. employees having an account to use the application)
- granting privileges to a user
- exchange partition (this could fall under "change storage parameters")
- alter table move (this could fall under "change storage parameters")
- resize datafile (increasing its size)
- moving datafile to a new location
- adding more redo logs
- changing system parameters - will any system parameter change require
approval by the change control board?
- turning on session tracing
- drop tablespace including contents and datafiles
How about system shutdown / startup? Obviously you don't want to ask your
control board everytime you do that.
Are you also considering any changes to configuration files, e.g.
listener.ora, tnsnames.ora, password files?
Jared.Still@xxxxxxxxxxx
Those of you with stringent change control standards, or are currently
going
through Sarbanes Oxley, may be familiar with pre-approved changes.
Essentially, all changes will be logged to the change control repository.
Yes, all.
There will be a list of pre-approved changes. These are changes that may
be performed without review by the change control board.
These are things that are naturally done throughout the course of the day
as part
of normal DBA duties. These changes are of a nature that the outcome is
always
predictable, and does not result in accidental downtime or outages, or have
other
profoundly negative results.
Keep in mind that there is an assumed level of competence and some
discretion involved on the part of the DBA. You could probably perform
just about any database operation and cause problems if you don't know
what you are doing or act as if you are the only user on the system.
Examples:
adding datafiles to a tablespace
changing storage parameters on an index or table
modifying database statistics through collection or deletion
create exports
create backups
online index rebuilds ( in the rare case that it is useful )
Vertex Tax Table loads( yes, I'm stuck with those )
These changes are assumed to occur on active database systems, and are
not part of some other normally scheduled procedure, such as a data load.
I would like to add to this list, and will welcome all suggestions and/or
corrections.
If it is substantial, I will post it somewhere that all can access it.
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Other related posts:
