August 15, 2018 at 1:03 pm
Eric M Russell - Wednesday, August 15, 2018 12:32 PMThe sysadmin charged with guarding the gate doesn't necessarily need the key to every door inside the castle. For databases containing sensitive data, there should be something like column level encryption and someone other than the DBA holds the private keys.
I agree, but in a practical sense, I never see this. Even if there is a key in the application (or a pwd), I find as a DBA I'll be given this key at some point to troubleshoot issues.
August 15, 2018 at 2:26 pm
There is no reason for the DBA to see the unencrypted contents of the Salary or CreditCardNumber column. In any corporate IT shop, there is usually at least one accountant or C level executive with enough SQL coding experience to run an ad-hoc query.
There actually are, if the issue is understanding why some data might not be correctly appearing or totaling on a report.
There actually are, if the issue is understanding why some data isn't correctly totaling or appearing on a report. The DBA, or some support person, will need to see the data for troubleshooting purposes. Not always, and not often, but it happens.
There also is the case that few applications use encryption, which is sad, but it's reality. In that case, working through issues is going to expose information to a privileged user. In any short period of time, that won't change.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
September 4, 2018 at 7:08 am
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
Viewing 3 posts - 16 through 17 (of 17 total)
You must be logged in to reply to this topic. Login to reply