Who audits the auditor's auditor?
"Do not criticize someone until you walked a mile in their shoes, that way when you criticize them, you are a mile away and have their shoes."
Christopher R. Spence
Oracle DBA
Phone: (978) 322-5744
Fax: (707) 885-2275
Fuelspot
73 Princeton Street
North, Chelmsford 01863
-----Original Message-----
Sent: Friday, September 07, 2001 9:50 AM
To: Multiple recipients of list ORACLE-L
"The point is, you only need one, single trusted person to hold the administrator account (someone from your audit firm, for example) and almost everything can be done by sub-administrators who only have the precise permissions they need and no more. In theory, anyway :0)"
There's that "single point of failure" again! So... the auditor is more trusted than the DBA?
Who audits the auditor?
>From: "Guy Hammond" <guy.hammond_at_avt.co.uk>
>Reply-To: ORACLE-L_at_fatcity.com
>To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
>Subject: RE: How do you audit a DBA?
>Date: Fri, 07 Sep 2001 01:45:06 -0800
>
>There is an administrator account, but individual users can configure
>access control lists on their files (right-click, properties, security)
>that would prevent the administrator from reading them. The only way
>that an administrator could then read them would be to "take ownership"
>first. Unlike Unix, ownership of a file is taken rather than given, so
>even if an Administrator read a confidential file, the OS would not let
>them erase traces of having done so. If you wanted to steal a file, you
>could obviously back it up to tape (if you have the Backup Operator
>role) restore it to another system, take ownership there and read it
>(unless it was encrypted of course) but there's only so much an OS can
>do about physical security.
>
>The point is, you only need one, single trusted person to hold the
>administrator account (someone from your audit firm, for example) and
>almost everything can be done by sub-administrators who only have the
>precise permissions they need and no more. In theory, anyway :0)
>
>g
>
>
>
>-----Original Message-----
>Sent: Thursday, September 06, 2001 2:41 PM
>To: Multiple recipients of list ORACLE-L
>
>
>but doesn't there have to be ONE account/role in NT that can assign all
>the others? how else could you set up a role or continue to set them
>up?
>
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Guy Hammond
> INET: guy.hammond_at_avt.co.uk
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the
>message BODY, include a line containing: UNSUB ORACLE-L (or the name of
>mailing list you want to be removed from). You may also send the HELP
>command for other information (like subscribing).
--
Author: Rachel Carmichael
 INET: carmichr_at_hotmail.com
--
Author: Christopher Spence
 INET: cspence_at_FuelSpot.com

Received on Fri Sep 07 2001 - 10:42:53 CDT
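
The "take ownership leaves a trace" point in the quoted message, as an added example that is not part of the original thread: it sets an audit entry (SACL) on a sensitive file, checks the current owner, and lists ownership-change attempts from the Security log. The path and expected owner are hypothetical, and the `auditpol` subcategory and event ID 4663 assume a current Windows release rather than the NT systems under discussion; run it from an elevated session.

```powershell
# Added example, not from the thread. $Path and $ExpectedOwner are hypothetical.
$Path          = 'C:\Confidential\payroll.xlsx'
$ExpectedOwner = 'CORP\payroll-owner'
$WRITE_OWNER   = 0x80000   # access-mask bit requested when taking ownership

# 1. Turn on the File System audit subcategory so SACL hits reach the Security log.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add a SACL entry: record any attempt, by anyone, to take ownership
#    of the file or to rewrite its permissions.
$acl  = Get-Acl -Path $Path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'TakeOwnership, ChangePermissions',
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Ownership is taken, not given back, so an unexpected owner is itself a finding.
$owner = (Get-Acl -Path $Path).Owner
if ($owner -ne $ExpectedOwner) {
    Write-Warning "Owner of $Path is '$owner', expected '$ExpectedOwner'"
}

# 4. List Security-log events where someone requested WRITE_OWNER on the file.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        if ($data['ObjectName'] -eq $Path -and ($mask -band $WRITE_OWNER)) {
            [pscustomobject]@{
                Time   = $evt.TimeCreated
                User   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Object = $data['ObjectName']
            }
        }
    }
```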