December 4, 2019 at 12:00 am
Comments posted to this topic are about the item Proactive Performance Tuning
December 4, 2019 at 7:28 am
I do like the idea but a one man show admin might feel quite stupid about it, just thinking about those 2 locks too far away to reach with both hands at the same time... and telling non DBA staff to login to server XY because you need to do some <insert gibberish to outsiders> things doesn't make the staff like the new DB server any more.
There is a very good reason why right click on a table -> Delete doesn't ask you potentially multiple times if you REALLY want to drop that table or not, dealing with thousands or millions of rows requires you to know your trade therefore proper education is the way to go imho.
December 4, 2019 at 10:05 am
my only issue with 2 user authentication is when the "crap" goes sideways at 2am
it could be a new sql agent job or a new process from an app, but you can't fix it until you wake someone else up.
it reminds me of those scenes in movies where you have to have 2 people put keys in and turn at the same time to arm or disarm a device.
I prefer to trust my DBA, but you might think about using a temporary passkey (say 2 hours) that triggers an audit trail
Like I said, I prefer to trust people like steve (and Dino) rather than over engineer change control
MVDBA
December 4, 2019 at 2:57 pm
That kind of control, while well intended, may mask a bad DBA or admin. I've seen rigid change control policies set up but management still does not question a network guy making changes to a core switch. That problem did correct itself when they had a severe outage but I do think there needs to be a way to certify someone at least knows the basics of managing a server before a company gives them the keys to the kingdom. I may pick on consultants a lot but I've seen more than one data warehouse expert who did not know how to create indexes or were more concerned with visuals than the stability of the platform.
December 4, 2019 at 3:21 pm
That kind of control, while well intended, may mask a bad DBA or admin. I've seen rigid change control policies set up but management still does not question a network guy making changes to a core switch. That problem did correct itself when they had a severe outage but I do think there needs to be a way to certify someone at least knows the basics of managing a server before a company gives them the keys to the kingdom. I may pick on consultants a lot but I've seen more than one data warehouse expert who did not know how to create indexes or were more concerned with visuals than the stability of the platform.
you raise a very very valid point , pick the right guy to do the right job, train them and enable them..the 2 person system disables people's ability to do a job.
we do all make mistakes - just when you pick the guy to do the job , tell him the first thing to write is a rollback plan
MVDBA
December 4, 2019 at 6:46 pm
There aren't many places where 2 factor authorization would be needed, but there are some. This isn't for some performance tuning, though arguably, if there are critical things, then a second set of eyes might be more important. However, for things like turning off audits (or changing) or altering encryption keys, I'd want this, regardless of how many people have to wake up.
December 4, 2019 at 7:19 pm
However, for things like turning off audits (or changing) or altering encryption keys, I'd want this, regardless of how many people have to wake up.
So I can agree with this point. Arguably, if you're looking towards this for security-type situations, then I'd also include adding or removing a login from the sysadmin role. If nothing else, requiring two people (with sufficient access) to sign-in to disable / drop an audit or change an encryption key would help cut down on possible disgruntled employees bringing down a system days or weeks after being let go. But, it also raises a question, at least as far as the audits:
Would you also want to require 2-user authentication to create and enable an audit?
That's one where I'd lean towards not requiring it, but from a programability standpoint, it would probably be easier to just require it.
December 4, 2019 at 7:40 pm
I was torn on creation. Perhaps, especially as you need to specify a location. Ideally you drop audit data in a read/insert spot, and not a place where modify permissions exist. That might want 2 factor checks.
December 5, 2019 at 9:12 am
actually you guys have changed my mind, i'd like 2 people to be engaged in the process of changing the SA password
MVDBA
December 5, 2019 at 3:46 pm
Thanks for the thought-provoking commentary. The proposal sounds like the nuclear launch two-man rule. So to that extent it seems like overkill for databases, but in some situations it may be useful.
https://en.wikipedia.org/wiki/Two-man_rule
-- webrunner
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html
December 5, 2019 at 5:53 pm
That's what I'd like to see implemented in SQL Server, and Windows/Linux, for that matter. Maybe with a group of 3-5 people, of which 2 have to approve something. We'd need some storage of the command, and perhaps some expiration, but a 2 man/woman rule would be nice.
December 6, 2019 at 9:06 am
That's what I'd like to see implemented in SQL Server, and Windows/Linux, for that matter. Maybe with a group of 3-5 people, of which 2 have to approve something. We'd need some storage of the command, and perhaps some expiration, but a 2 man/woman rule would be nice.
here's a thought - if you store the command, what's to stop you mixing with it and "self granting" - i'm seeing lots of layers of complexity, but I still think it's worth a look at
MVDBA
Viewing 12 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply