Server Administrator Permissions

Question

Server Administrator Permissions

Viewing 4 posts - 31 through 33 (of 33 total)

You must be logged in to reply to this topic. Login to reply

John Reid-322103 Say Hey Kid Points: 704 More actions · Answer 1

I personally feel DBA's don't need to be local administrators but equally the SQL Servers should have the default Builtin/Administrators removed as well. There is always a trade-off between security and convenience, but seeing as you can't be "a little bit" secure (any more that you can be "a little bit" pregnant), I think security must always win at the expense of convenience. The above proposal enhances security by enforcing the principle of segregation of duties.

When designing new implementations it is possible to mitigate these inconveniences by sticking to proper design principles.

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 2

Security vs. functionality is always a trade-off. Ultimately it boils down to business decision on risk. The bottom line is at some point you must trust administrator level personnel. While that trust is sometimes violated, the majority of the time it isn't. The question organizations must answer is, "How much do you trust them?" It's not an easy question to answer, especially in larger organizations.

K. Brian Kelley
@kbriankelley

Brandie Tarvin SSC Guru Points: 173045 More actions · Answer 3

And it's only made worse for those who are trustworthy when the few "rotten apples" get their escapades published nationwide. I've read at least 5 stories in the past 3 months about DBAs, Programmers and ServerAdmin who have absconded with private information (propriatary & customer related) or created havoc in their company's system for revenge / personal gain.

And that's when the micromanagement starts. There's just no way to cover every security hole and trying to only makes it harder for the legit people to do their jobs.

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/[/url]On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.

steve smith-401573 SSChampion Points: 10889 More actions · Answer 4

Also, having been a computer auditor in a prior life, I can tell you that, from the auditor's point of view, the objective is to find items to raise for management, even when everything is working well. In a perfectly running operation, the fallback was that the dept was overstaffed and underutilized, so there was no way for the IT group to escape unscathed.

Auditors are people who go into the battlefield after the fighting is over and bayonet the wounded.

As was noted above, Auditors serve a useful function in raising awareness of risk, but only business people can make the call on the risk/reward decision. That's part of what's behind the discussion on CIO's becoming more business savvy.