SYSADM vs. SUDO for Application DB Admin
I manage a team of sys dba's (physical), not a DBA myself , who must work with app dba's (logical) in other groups. We have had an ongoing war between these 2 groups for past year related to releasing access to SUDO. My sysdba's say the app team should be able to do everything they need to do with the SYSADM priv, the app team provided these examples as to where they need SUDO in a SYBASE env:
- Perform DBMS logical data restoration
- Application table data transfer between systems and databases
- Create and maintain application database objects
- Monitor application object characteristics & perform tuning actions.
What do you think? Should SUDO be made avl, and what requirements should be met to gain access?
whats sudo got to do with any of those things?
Whats the SYSDAM privelege you talk about?
Whats a pysical dba and a logical dba?
All these things you talk about are database related privelges - sudo cant help you there.
Also are you talking about sybase because this is an oracle forum
Originally Posted by davey23uk
Physical/Logical DB support is the way we distinguish between support by our Systems DBA and our Application DBA, probably not relevant. I guess what I am asking is when or why would a Application DBA need SUDO access when they already have SYSADM (System Administrator Authority) priviledges.
wel it depends what this 'sysadm' thing gives them
I would say no. But My personal preference is that SUDO, instead of SYSADMIN. Reason, this is easy to manage, you can restrict the access, log the accesses and manage it on per user basis. So, if user leaves your dept. all you may have to do is to lock the account. I personally prefer sudo over sysadmin. In a world where sysadmin and DBA jell well, I wouldn't want to have this privs either.
Tis is just a 2c of mine.
Life is a journey, not a destination!
what is SYSADM???
and all of those tasks are database tasks anyway
not even sure he is going on about oracle at all
All, Thanks for your feedback, it was helpful in our internal discussions. The decision was made to proceed with SUDO but to work with the App DBA's to determine which commands and/or rights they would need, granting access to only what is needed.
Click Here to Expand Forum to Full Width