FAQ
Hello all,



Aahh, the age old war, granting DBA privileges... I am in it again up
to my eyeballs. Instead of standing there and saying NO, NO, NO, I took
the time to pull apart the DBA role and document in detail what a
majority of the roles and system privileges allow a database user to do
within the database and how some of these privileges are a direct
violation of Sarbanes-Oxley. This document is not perfect, but it's
enough to make management stop and say, Wait, we can't allow DBA
privileges to be granted to individuals outside of an administrative
role. I had the document blessed by our security officer.



I am willing to share this document with anyone who may find this kind
of information useful. If you'd like a copy, please email me directly.



I finally have posting privilege on the list now. I'd like to say THANK
YOU to everyone, some of whose names I recognize from years ago, for
continued lively discussion and thought provoking Q&A. I am so thrilled
to be a dba working on Solaris again, to have a REAL system that I can
use to test out some of the ideas being discussed by some of the
brightest people I've had the privilege to, well, kind of "know".



Have a great day everyone!



Lisa Koivu

Oracle Database Administrator

desk: 407-903-4691

cell: 954-683-4459



This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged.
The information is intended only for the use of the individual(s) or entity named above. If you are not the intended recipient, be
aware that any disclosure, copying or distribution or use of the contents of this information is prohibited. If you have received
this electronic transmission in error, please notify the sender immediately by replying to the address listed in the "From:" field.

Search Discussions

  • Koivu, Lisa at Jan 24, 2008 at 8:52 pm
    I forgot to add one note.



    I must publicly thank Jared Still for the showpriv.sql script that he
    gave me many years ago. This script is the only database tool I use in
    that doc, and I still use it daily.



    THANK YOU JARED!





    From: oracle-l-bounce_at_freelists.org
    On Behalf Of Koivu, Lisa
    Sent: Thursday, January 24, 2008 2:35 PM
    To: oracle-l
    Subject: DBA Privileges and Developers



    Hello all,



    Aahh, the age old war, granting DBA privileges... I am in it again up
    to my eyeballs. Instead of standing there and saying NO, NO, NO, I took
    the time to pull apart the DBA role and document in detail what a
    majority of the roles and system privileges allow a database user to do
    within the database and how some of these privileges are a direct
    violation of Sarbanes-Oxley. This document is not perfect, but it's
    enough to make management stop and say, Wait, we can't allow DBA
    privileges to be granted to individuals outside of an administrative
    role. I had the document blessed by our security officer.



    I am willing to share this document with anyone who may find this kind
    of information useful. If you'd like a copy, please email me directly.



    I finally have posting privilege on the list now. I'd like to say THANK
    YOU to everyone, some of whose names I recognize from years ago, for
    continued lively discussion and thought provoking Q&A. I am so thrilled
    to be a dba working on Solaris again, to have a REAL system that I can
    use to test out some of the ideas being discussed by some of the
    brightest people I've had the privilege to, well, kind of "know".



    Have a great day everyone!



    Lisa Koivu

    Oracle Database Administrator

    desk: 407-903-4691

    cell: 954-683-4459



    This electronic message transmission contains information from the
    Company that may be proprietary, confidential and/or privileged. The
    information is intended only for the use of the individual(s) or entity
    named above. If you are not the intended recipient, be aware that any
    disclosure, copying or distribution or use of the contents of this
    information is prohibited. If you have received this electronic
    transmission in error, please notify the sender immediately by replying
    to the address listed in the "From:" field.

    This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged.
    The information is intended only for the use of the individual(s) or entity named above. If you are not the intended recipient, be
    aware that any disclosure, copying or distribution or use of the contents of this information is prohibited. If you have received
    this electronic transmission in error, please notify the sender immediately by replying to the address listed in the "From:" field.
  • Jeremiah Wilton at Jan 24, 2008 at 9:09 pm
    Great to have you back, Lisa. Sounds like you did a great job on that
    document. Nothing works quite as well as facts. Also this is a great way
    to get the heat off of the DBA for saying "no" and deflect the
    responsibility for policy decisions to the business, where it belongs. I
    think that many DBAs do just stand there and say 'NO NO NO', and it gets us
    a reputation as obstructionists with developers and others.

    Now, who's that trip-trapping over my database?

    Regards,

    Jeremiah Wilton
    ORA-600 Consulting
    http://www.ora-600.net

    Koivu, Lisa wrote:
    Aahh, the age old war, granting DBA privileges…  I am in it
    again up to my eyeballs.  Instead of standing there and saying
    NO, NO, NO, I took the time to pull apart the DBA role and
    document in detail what a majority of the roles and system
    privileges allow a database user to do within the database and
    how some of these privileges are a direct violation of Sarbanes-
    Oxley.  This document is not perfect, but it’s enough to make
    management stop and say, Wait, we can’t allow DBA privileges to
    be granted to individuals outside of an administrative role.  I
    had the document blessed by our security officer.
    ...

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedJan 24, '08 at 7:34p
activeJan 24, '08 at 9:09p
posts3
users2
websiteoracle.com

2 users in discussion

Koivu, Lisa: 2 posts Jeremiah Wilton: 1 post

People

Translate

site design / logo © 2022 Grokbase