RE: Any bad experiences with SYSDBA and DBA application users?

RE: Any bad experiences with SYSDBA and DBA application users?

 

  

You should not give any developer DBA privileges, they should not
require it in development, test or production environments. Keep the DBA
privileges restricted to the DBA. Set up the appropriate roles for what
work a developer may require. If you do provide DBA privileges to a non-DBA
person, it should be for a short duration and approved with a specific
purpose where the DBA cannot perform that particular function. Make sure
you monitor the persons using DBA privs during that short time frame. If
serious database problems should arise later on and it can be traced back to
the possible use of DAB privileges then it could be a real mess since
anybody who has been given those DBA privileges (programmers, developers,
analyst, ...) may have created the problem either accidentally or
potentially on purpose! The DBA is ultimately responsible for the well
being of the database and the associated database administration tasks that
is why security is provided in the database.




-----Original Message-----
From: Bastien Koert
[mailto:oracledba-ezmlmshield-x78324991.[Email address protected]
Sent: Thursday, October 28, 2004 9:15 PM
To: LazyDBA Discussion
Subject: Re: Any bad experiences with SYSDBA and DBA application users?


The application needs the minimum permissions to do what it needs. Anything
extra is a security hole that can be exploited. In our shop (since we don't
delete records for business reasons) the only privileges granted areconnect,
select, update and insert. The app doesn't need more than that so it the
generic app user gets nothing more.

Bastien



----- Original Message -----
From: "Alex Bacon "
<oracledba-ezmlmshield-x70508787.[Email address protected]
To: "LazyDBA Discussion" <[Email address protected]
Sent: Thursday, October 28, 2004 6:27 PM
Subject: Any bad experiences with SYSDBA and DBA application users?


> We are trying to persaude the application developers to NOT use sysdba
> and dba privileges for the application users. Has anyone got a set or
> reasons / bad experiences for why they shouldn't have it?
>
> Cheers,
>
> Alex
>
>
> --------
> website: http://www.LazyDBA.com
> Please don't reply to RTFM questions
> Oracle documentation is here: http://tahiti.oracle.com
> To unsubscribe: see http://www.lazydba.com/unsubscribe.html
> To subscribe: see http://www.lazydba.com
> By using this list you agree to these
terms:http://www.lazydba.com/legal.html
>




--------
website: http://www.LazyDBA.com
Please don't reply to RTFM questions
Oracle documentation is here: http://tahiti.oracle.com
To unsubscribe: see http://www.lazydba.com/unsubscribe.html
To subscribe: see http://www.lazydba.com
By using this list you agree to these
terms:http://www.lazydba.com/legal.html


-------------------------------------------------------------------------------------------
***National City made the following annotations
-------------------------------------------------------------------------------------------
This communication is a confidential and proprietary business communication. It is intended solely for the use of the designated recipient(s). If this communication is received in error, please contact the sender and delete this communication.
===========================================================================================

Oracle LazyDBA home page