home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.databases.oracle      Overblown overpriced overengineered SHIT      2,288 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 1,264 of 2,288   
   Hans Forbrich to Joe   
   Re: Securing the database from the DBA   
   09 Apr 04 22:19:19   
   
   From: forbrich@yahoo.net   
      
   Joe wrote:   
      
   > Hans Forbrich  wrote in message   
   > news:...   
   >> Joe wrote:   
   >>   
   >> > We're in the same situation - trying to address the concerns of   
   >> > Sarbanes-Oxley and FDA 21CFR Part 11.  Like you said, it's a catch-22,   
   >> > that you can't truly secure the database from the people who are   
   >> > responsible for maintaining it.   
   >> >   
   >>   
   >> Dumb question - does the system need to be protected from the security   
   >> group?   
   >   
   > Systems need to be protected from anyone who should not have access to   
   > them.  A security group probably only needs read-only access - access   
   > to the dictionary and audit trails, but not the application data.   
   >   
      
   For now    
      
   >   
   >> If not, then why not make the DBA a member of that group?   
   >   
   > Separation of duties is one way of building checks and balances into   
   > the system.  Having the DBA who maintains the database report into the   
   > security group (or the other way around) defeats that concept, so it's   
   > best to keep them as 2 distinct entities.   
   >   
      
   In which case monitor the s%!t out of the DBA's activities but let him/her   
   do the bl$$dy job!   
      
   /H   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca