Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: OT - SarBox paranoia prevention ?

From: mhthomas <qnxodba_at_gmail.com>
Date: Sat, 19 Feb 2005 17:18:22 -0500
Message-ID: <d6bad080050219141858415e25@mail.gmail.com>


Are your 'vendor supplied stored procedures' wrapped? If so, then what's the problem?
It's hard for the DBA to change a wrapped stored procedure unless they have source. :-)

The other question is not clear to me, because how do you prevent anything? Usually, physical access implies full access (e.g. for someone like SA or DBA, root, sysdba, etc.) with any type of computer system. Exceptions might be encryption, or other weird and unusual configurations. Good luck.

Regards,

Mike Thomas

On Sat, 19 Feb 2005 13:21:03 -0700, Chip Briggs <chip.briggs_at_gmail.com> wrote:
> Earlier this week, SarBox auditors wanted proof that DBA's
> could not change database stored procedures (which would
> prevent DBA's from applying vendor patches for vendor
> supplied stored procedures). Also presents a problem since
> DBA's managed stored procedure configuration. SarBox
> auditors do not like DBA privileged access to application data.
> Looks like these auditors do not trust anyone and want duties
> segregated so no single person has the ability to cook any
> books (complete prevention for Enron repeat).
>
> Any ideas how to prevent execution of non-production code
> against production data, whether the data resides in a
> database or operating system files (unix and windows) ?
>

--
http://www.freelists.org/webpage/oracle-l
Received on Sat Feb 19 2005 - 17:21:17 CST
