DBA member of IT admins?

  •  

    How many of you acting as DBAs are either domain admins or have local admin rights on your sql servers?  Are you part of the regular 'systems team' -- that is, the group that includes the domain admins who do all of the network support, etc.?  I suspect that in larger companies or those that have had sql in place for some time, this may be the case.

    Another twist which I think is a fairly new development, is a situation where a new sql environment is created by a developer team using all of the latest .net tools.  Picture no stored procedures, sql server viewed somewhat as a dumb shoe box with the real action happening on mid-tier application/business logic servers.  Bringing a traditional DBA into such a situation can easily be viewed as risky or threatening.

    I suspect that in many small to mid-size companies adopting sql server, the DBA role hasn't been formalized and many of us can only execute OS commands if logged into a query window as sysadmin -- in other words you are doing xp_cmdshell work as if you were the sql service.

    In my case I'm beginning to wonder if it's worth even pursuing this role until it is recognized that DBA work typically requires some form of administrator rights.   You wind up with a situation where the systems group has the rights, but no knowledge of or desire to administer sql server, and others with knowledge and desire, but no rights other than sql sysadmin.

    Picture fixing an out of sync log shipping plan by doing DOS commands via xp_cmdshell.

     

  • At my current company, the DBA team is not Domain Admin, but has Local Admin on most (including all SQL) servers.  I've never seen a situation where this didn't suffice.  Part of my reason for leaving the last company was that they had this hokey setup where we had a "special" Login (with Local Admin rights on SQL Servers) that we were only authorized to use "in event of emergency", and it was closely audited.  For our normal day-to-day activity, we were supposed to use our "normal" Login that fell quite short of making life easy, considering all the server drives (where databases and backups reside) were shares that we didn't have ordinary access to.  It was all political...  which just made me sick.  If you can't trust your DBAs, who can you trust, right?!?

    Your fears / suspicions are well founded - proceed with caution!  If your CIO or the manager of operations is receptive to listening, try to explain the situation with some compelling reasons to change.  But if you're dealing with a bunch of paranoid freaks...  good luck!

  • ... Picture no stored procedures, sql server viewed somewhat as a dumb shoe box ...

    They must have a rising TCO.

    People tend to have the idea a dba is someone who just turns some nuts and bolts and pushes some knobs and switches to have the database up and running. THERE IS VERY VERY MUCH MORE IN A DBA'S FUNCTION THAN THAT !!!

    Your dba is part of the team who tries to keep costs down and company up !

    Your dba has a significant role in that team because (s)he will advise usage, development, plan and follow up resource (server and disk) usage; (s)he'll also help in planning migrations, upgrades, ... not only for the strict database and/or database server, but also for applications using these resources.

    Your dba will also have your DRP in mind when discussing data/databases.

    And if needed (s)he will also be your fire brigade in the frontline !

    Any dba, who has not been extinguished, will discover very soon that there's more to db-service than the actual db. Knowledge of server (hardware and software), networking, security, ... is more than just "nice to know".

    Having departmental function-boxes (black/white) is nice, but keep in mind you will need a gray zone to have it working smoothly, still respecting everyone's responsibilities and enhancing team-interaction (confidence).

    You don't have to trust your dba, you'll learn to !

    Having every dba logging in with the common DRP-windows account is a worst practice, because such common accounts get compromised very often and it's always a hassle to point to the actual person who has been using it at some point in time.

    Johan

    Learn to play, play to learn !

    Don't drive faster than your guardian angel can fly ...
    but keeping both feet on the ground won't get you anywhere


  • In my organization there is a team of "System Engineers" each with a specialty - AD, Exchange, PC Architecture, SMS/MOM and mine, SQL. We all possess 3 logins: domain user, domain admin and enterprise admin. For the majority of my SQL work I use my domain user account. For server related SQL activities I use my domain admin account. It is all based on what action(s) I have to perform. I have worked at sites in the past where there was a 'special' SQL Admins group that were just domain users but local admins on all of the SQL Servers, as opposed to using a domain admin account. At a minimum you need to be a local admin on your SQL Servers, anything else is 'gravy'.

    Regards
    Rudy Komacsar
    Senior Database Administrator
    "Ave Caesar! - Morituri te salutamus."

  • How many of you acting as DBAs are either domain admins or have local admin rights on your sql servers?  Are you part of the regular 'systems team' -- that is, the group that includes the domain admins who do all of the network support, etc.?  I suspect that in larger companies or those that have had sql in place for some time, this may be the case.

    _____________

    I'm in the above mentioned team, and can assure that I am not getting the domain admin password at all. It was so hard to get just an account that I would use to collect Snapdrive/snapshot information from the servers.

    It gets frustrating sometimes as the Manager also comes with the Network experience, and I come with development experience. So, Manager is mostly interested in what's happening on the system admin team, and that makes me quite
