September 12, 2008 at 3:04 pm
Rian, Not trying to avoid your question. I don't know the answer to that. I would have to walk through it and work out the kinks. My guess is that you would need something more than DBO but could probably tweak something to be less than sysadmin. Hard to say.
Again though, if you are being asked to do that job then you should get the permissions associated with that responsibility and that trust. Make sense?
David
@SQLTentmakerβHe is no fool who gives what he cannot keep to gain that which he cannot loseβ - Jim Elliot
September 12, 2008 at 3:27 pm
in our environment, dev has their own servers to destroy. we don't support the dev servers or their test databases, only uat and prod.
when they are promoting code to uat or production, it goes thru code review. when everyone approves the code, it gets put into uat.
having dev have their own instance on their box is a freaking nightmare. giving them their own schema, well you better have some dev that wants to play along.
-----------------------------
www.cbtr.net
.: SQL Backup Admin Tool[/url] :.
September 12, 2008 at 3:41 pm
So, you DBA's can actually write .NET assemblies to do conflict resolution of Replication Merged Data.
September 12, 2008 at 3:43 pm
Old Hand:
What security access do you provide with the developers who setup the packages and Analysis Cubes.
September 12, 2008 at 3:52 pm
rian67 (9/12/2008)
So, you DBA's can actually write .NET assemblies to do conflict resolution of Replication Merged Data.
Well actually - yes I can. But that's not really the point. You don't technically SA access to write managed code to deal with replication conflicts. You need SA access to incorporate that into your replication conflict process (i.e. to "deploy" it).
Just the same as you don't need system admin access to the production web server to write a .NET web app, you don't need SA access to the database server to develop. Just like you shouldn't develop/run for any amount of time logged in using a privileged account unless you can't avoid it. It's sloppy, it's how security breaches happen. Not a matter of demeaning/insulting anyone, it's a matter of separation of duties, and minimum required access.
That being said - if you happen to be writing admin tools for a server, it may be appropriate to grant you (just you and not every dev that comes along) some privileged access in order to get your job done, then absolutely. It's on a case by case, sometimes on an event by event basis.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
September 12, 2008 at 6:58 pm
You must have not read the start of the thread since the point was to give developers full access to A DEVELOPMENT SQL SERVER so they can understand how to write safe, efficient code in SQL and use features provided by versions of RDMS software.
U are insulting developers by stating they do not need access. TO somehow think that DBA's should be the gatekeeper of development servers indicate to me that you think we developers do not know how to write quality code or understand the complexity of RDMS systems.
I find it hard to believe that you have written managed code in SQL environment without a development sql server.
I find it condescending when DBA think they need to control everything. That is not separation of duty, that is being a control narcissist.
September 12, 2008 at 9:24 pm
I have read the entire thread. Let's step back for a moment: I am a developer first and foremost, and I perform DBA activities on occasion. Not that I don't know how - that's just the role I am fulfilling right now. I work on a team, and as part of that team, I need to currently work on severely improving some of our code, and yet - while I have a fair amount of access - my security access is not SA, because it is not required. Like it or not - there are lots of people who rely on that server to get their job done, so that's not something I get to "monkey" with, whether I am competent to do it.
I also have access to a local install, which I can do whatever I wish. That's where I do my investigation work/make test cases/ set up thing I want to propose. If I blow it up, I can put it back together, no fuss no muss.
It is true that a lot of Developers do in fact know how to put out quality code that does in fact take into account the features and capabilities of the RDBMS at their disposal. It is also unfortunately true that there are a lot of devs for whom interaction with an RDBMS is a chore/bother, whose SQL code sucks, and who think the DBA should be dealing with the "data stuff". And it's the DBA's job to ensure that a majority of the "category A stuff gets into production with as little of "category B" as possible, since that is the stuff that tends to bring servers down/make them behave badly.
Could it be said better? probably. Sometimes the overabundance of caution from certain DBA's, and/or certain perceived attitudes come across as abrasive ( I've been at the receiving end of it as well), but again - being an A**hole doesn't restrict you to any particular job in IT, so you can run into them anywhere. Just remember that the DBA is there to make sure everyone can continue to use the system, so not everyone gets to do everything.
As far as your desire to learn - ask to have a local copy installed, or better yet - a virtual server you can stage whatever you wish in. But if it's a shared server, expect that there will be restrictions, and that there's nothing personal about them.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
September 13, 2008 at 12:48 am
Perhaps there is a more deeply rooted problem here. Do the DBAs ignore or drag their feet implementing your requests to alter the objects they've kept restricted? Maybe your manager needs to talk to the DBA manager? If that's not enough, maybe your manager needs to talk to the director for you and your team to get more cooperation from the DBAs. If you want full permissions to a SQL Server RDBMS to play around then Express Edition is quite useful on your desktop. Or you can get Developer Edition if you want even more options to play with. A dev server is not supposed to be a free for all playground - it's supposed to be the next prod environment in-progress.
When I'm developing I prefer to lean on the DBA as much as possible because otherwise deployment time comes around and I get 'oh, that's not allowed on the production system'. Whereas if the DBA has deployed all the schema, DDL, and whatnot then I can only say he/she has already tacitly approved it. I highly recommend this route for your own protection instead of doing everything yourself and expecting it to be kosher when deployed.
PS - You're not making a positive impression by jumping on people for not reading the whole thread when it seems they disagree with you. Is that how you approach your DBA team when you want additional permissions and changes to the dev server?
September 13, 2008 at 3:10 am
Late to the party but...
rian67 (9/12/2008)
Who handles creation of Integration Packages, Replication Packages, creation of Analysis Cubes in your company if the developers do not have access to the SQL Server in Developement environment?
Developers do the integration services packages. There's no need for higher than dbo rights to write packages, just to deploy them. The DBAs do the deployment and set up the jobs.
Replication is a DBA job. Maybe the developers could do it, but where I worked all of the devs were C# devs first and might know a bit about SQL. It was not their main job and, quite frankly, if I had asked one of the devs to set up replication, I'd have been told to get lost, because it's not part of their job.
My former company did not use analysis services.
In addition, according to the compliance rules that the company had to operate under (SOX), a developer was not permitted to have elevated privileges to any environment (the auditors complained about even out developmen server setup) and those who had sysadmin privilidges were not permitted to develop. (Separation of responsibilities)
Are all of you software developers too or just think application developers are not capable of working with SQL Server?
Are DBAs capable of writing front end applications? (to switch your question the other way around)
Some devs probably are, most probably are not. I've seen devs that knew more about SQL than the senior DBAs. I've seen devs who could barely code their way out of a paper bag in their chosen language, let alone SQL. I've also seen DBAs who barely knew enough to backup their system.
For clarity, I was a developer and moved over to the admin role, though I still consider myself a developer most of the time.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 13, 2008 at 7:31 am
rian67 (9/12/2008)
So, you DBA's can actually write .NET assemblies to do conflict resolution of Replication Merged Data.
Yes, I can, and so can many of the other DBA's here. More to the point however, in 10 years of using, deploying and maintaining SQL Replication, I have never needed to do this. Custom .Net assemblies are almost never necessary for proper management of SQL Server.
[font="Times New Roman"]-- RBarryYoung[/font], [font="Times New Roman"] (302)375-0451[/font] blog: MovingSQL.com, Twitter: @RBarryYoung[font="Arial Black"]
Proactive Performance Solutions, Inc. [/font][font="Verdana"] "Performance is our middle name."[/font]
September 13, 2008 at 7:42 am
>> Are DBAs capable of writing front end applications?
According to the job description of DBA, they are responsible for Security, Performance, Recoverability, High Availability of RDMS. For most part, I would also think DBA's, Data Architect write a lot of stored Procedures, create schemas etc.
So, I think there are a lot of DBA's who Not only can they write front end applications, they can probably write windows services, web applications, web services, extended stored procedures written in dll etc.
The new development paradigm is close integration of software languages with RDMS. Whether it is Integration Services, Merge Replication with disconnected users, Analysis Services, Notification Services etc.
If you have a lot of developers who are not capable of writing code and/or working with SQL, I would suggest retraining or reassignment.
You stated that people who had sysadmin privileges were not permitted to develop. Does that also include not writing stored procedures, UDF?
My understanding of SOX is related to Financial Reporting and its associated reporting systems. So, if a company is developing new technologies or automating non-financial tasks, they do not have to be SOX compliant.
September 13, 2008 at 7:52 am
rian67 (9/13/2008)
>> Are DBAs capable of writing front end applications?According to the job description of DBA, they are responsible for Security, Performance, Recoverability, High Availability of RDMS. For most part, I would also think DBA's, Data Architect write a lot of stored Procedures, create schemas etc.
So, I think there are a lot of DBA's who Not only can they write front end applications, they can probably write windows services, web applications, web services, extended stored procedures written in dll etc.
I'm glad you work with individuals with such broad skills. Most (90%) of the individuals that I've worked with specialise their skills. The developers are skilled in the front end languages and the methodologies for writing web services, windows apps, web apps, etc, etc, while the DBAs specialise in the administration side, SQL coding, server admin and the like.
I find that people highly skilled in both are in the extreme minority. It just takes too much time to keep all those skills up to date. I know my app dev skills are very, very rusty after 4 years of database development/database admin.
You stated that people who had sysadmin privileges were not permitted to develop. Does that also include not writing stored procedures, UDF?
Correct.
My understanding of SOX is related to Financial Reporting and its associated reporting systems. So, if a company is developing new technologies or automating non-financial tasks, they do not have to be SOX compliant.
I used to work for a bank.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 13, 2008 at 3:17 pm
It actually doesn't matter what privs you give Developers on the Dev box... if you allow Developers to design their own tables and you don't have any coding standards and naming conventions and you don't have peer reviews and you don't have DBA reviews, you'll end up with a bloody mess one way or the other. π
--Jeff Moden
Change is inevitable... Change for the better is not.
September 13, 2008 at 3:23 pm
U mention that a lot of DBA out here are software developers. So, how is the career path progression?
One starts are a programmer, then a software developer and then you move to a DBA role. Or a DBA learns to be a programmer and stays as a DBA. Is that how it is? Is the trend for developers to move to DBA for salary or for prestige?
I have written applications in C++ and .NET using merge replication with disconnected users like sales force automation and truck delivery automation using MSDE on client machines and SQL 2000 where conflict resolution of similar merged data was done with assemblies based on rules and not on time. But what do i know. U DBA's have more aptitude than we error prone software developers and system analyst. π
September 13, 2008 at 3:48 pm
I do apologize if you felt my restating the actual thread was offensive. Let me restate the original thread again for you.
"We have three environments in SQL 2005.. DEV, UA and Production. Developers do not have access to UA or Production (except for read-only some times). "
Every application and database changes which is released from Development to UA and then to Production goes through review and approval and validation and is done by DBA's and IT Infrastructure group. And if the deployment fails in UA, it is rejected and the process starts again.
I am not sure what you mean by a "Development SQL Server is not supposed to be a free for all playground." It is a developer playground and it should be free for them to play with it.
and in the first post, you stated "having dev have their own instance on their box is a freaking nightmare."
Why is it a freaking nightmare?
My approach is to not have to go to the DBA team to get additional permissions and changes to the developer server since it is a developer server and it for development team to learn and test and create prototypes using the RDMS before it is promoted to UA and Production.
Viewing 15 posts - 16 through 30 (of 42 total)
You must be logged in to reply to this topic. Login to reply