Re: sysadmin access

Daniel Morgan <damorgan_at_exxesolutions.com> wrote in message news:<3F01DA46.5ADE837D_at_exxesolutions.com>...
> scott wrote:
>
> > Our IS director is insisting that he needs sysadmin access to our
> > Oracle Applications instance, I however disagree. Is there a good
> > rule of thumb for who does and does not need sysadmin privs to the
> > DB/Apps? I need some ammo.

   In my limited experience it is best practices to limit administrative access to systems only to those that need to perform day to day admin functions on them. DBAs don't get root. Sysadmins don't have the SYS password and aren't in the dba group. Neither sysadmins nor DBAs get admin accounts in applications. Developers and managers don't get admin access to anything.

    Anything else muddles the chain of accountability.

    You WILL be the one to catch the blame when something goes wrong.      

> >
> > thanks,
> >
> > Scott
>
> Why? Why does he think he needs access? If he just wants to look around
> CREATE SESSION and SELECT ANY TABLE are sufficient. If he wants to do
> something then it is a question of whether he is qualified. If he is
> qualified to do
> things he should have the privileges required to do those things. If not
> ... absolutely no privileges should be given.
>
> It is a question of security.
> It is a question of data integrity.
> It is a question of good business practices.
>
> And he bloody well be prepared to clean up his own messes or fall on his
> sword if he makes a mistake. Just like
> everyone else.
>
> Without knowing how much experience he has, or what he intends to do, I
> don't think a specific answer isn't possible. Your post makes it sound
> like you think it is just about feeding an ego. And if that is the case
> he has no business holding his current job either.
Received on Tue Jul 01 2003 - 17:28:14 CDT