Re: Where's your DBA access level?
From: Mills, John T (9814) (John.T.Mills_at_ERAC.COM)
Date: 09/09/04
- Previous message: Gosselin, Mark: "Re: Where's your DBA access level?"
- Maybe in reply to: Bob.Kelley_at_BRINKSINC.COM: "Where's your DBA access level?"
- Next in thread: pSeries AIX Geek: "Re: Where's your DBA access level?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 9 Sep 2004 15:34:33 -0500 To: aix-l@Princeton.EDU
DBA's should have non-root access to the servers in my opinion. Some sudo access to commands like ipcrm may also be helpful. Since, I get a phone call for every root task, I'd prefer to give the DBA's enough access to troubleshoot their own backups and space issues. Bottom line is that DBA's need access, so, they can handle thier own issues. I don't see them needing full root access, since it would be a small company indeed if DBA's and sysadmin's reported to the same supervisor. It's always a bad idea to share root access across food chains.
John T. Mills
-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
Bob.Kelley@BRINKSINC.COM
Sent: Thursday, September 09, 2004 2:57 PM
To: aix-l@Princeton.EDU
Subject: [aix-l] Where's your DBA access level?
How many of you guys out in industry give your DBAs unix level access to
your servers? In production? Development? I don't recommend giving login
access to database administrators regardless of unix experience for several
reasons.
Oracle, for example, has several tools with which you can administer Oracle
itself, almost negating the need for a unix login altogether. One of these
on the robust/high-end being Enterprise manager, and on the other
simple/low-end being the Oracle client.
Another issue I consider is server accountability within a given IT
organization. How secure have you made your server? Ultimately, to
executives outside IT, who gets the black eye if there is a configuration
issue, or the common accidental file deletion or typo? Is it the individual
DBA? The DBA group? Or, is it most likely going to be the infrastructure
group responsible for the server and its availability overall? When you
take yourself out of the comfort zone of your IT knowledge, I think in most
companies, its going to be the latter.
Can I log/connect in to DB2? Yes, I most certainly know how. Can I do a
table query? Of course I can. Am I certified? Does the DBA responsible for
that server want me to do these things? No, they don't and for very good
reason. Tiered access...that's not really the point here.
Bobby Kelley Jr.
972-877-5341
- Previous message: Gosselin, Mark: "Re: Where's your DBA access level?"
- Maybe in reply to: Bob.Kelley_at_BRINKSINC.COM: "Where's your DBA access level?"
- Next in thread: pSeries AIX Geek: "Re: Where's your DBA access level?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
