Re: Securing the database from the DBA

Joe wrote:

> We're in the same situation - trying to address the concerns of
> Sarbanes-Oxley and FDA 21CFR Part 11. Like you said, it's a catch-22,
> that you can't truly secure the database from the people who are
> responsible for maintaining it.

Dumb question - does the system need to be protected from the security
group? If not, then why not make the DBA a member of that group?

/Hans
Jun 27 '08 #1
Joe
Hans Forbrich <fo******@yahoo.net> wrote in message news:<R8Adc.25679$J56.8600@edtnps89>...
> Joe wrote:
>> We're in the same situation - trying to address the concerns of
>> Sarbanes-Oxley and FDA 21CFR Part 11. Like you said, it's a catch-22,
>> that you can't truly secure the database from the people who are
>> responsible for maintaining it.
>
> Dumb question - does the system need to be protected from the security
> group?

Systems need to be protected from anyone who should not have access to
them. A security group probably only needs read-only access - access
to the dictionary and audit trails, but not the application data.

> If not, then why not make the DBA a member of that group?

Separation of duties is one way of building checks and balances into
the system. Having the DBA who maintains the database report into the
security group (or the other way around) defeats that concept, so it's
best to keep them as 2 distinct entities.

--
Joe
http://www.cafeshops.com/joekaz
http://www.joekaz.net/
Jun 27 '08 #2
Joe wrote:
> Hans Forbrich <fo******@yahoo.net> wrote in message
> news:<R8Adc.25679$J56.8600@edtnps89>...
>> Joe wrote:
>>> We're in the same situation - trying to address the concerns of
>>> Sarbanes-Oxley and FDA 21CFR Part 11. Like you said, it's a catch-22,
>>> that you can't truly secure the database from the people who are
>>> responsible for maintaining it.
>>
>> Dumb question - does the system need to be protected from the security
>> group?
>
> Systems need to be protected from anyone who should not have access to
> them. A security group probably only needs read-only access - access
> to the dictionary and audit trails, but not the application data.

For now <g>

>> If not, then why not make the DBA a member of that group?
>
> Separation of duties is one way of building checks and balances into
> the system. Having the DBA who maintains the database report into the
> security group (or the other way around) defeats that concept, so it's
> best to keep them as 2 distinct entities.

In which case monitor the s%!t out of the DBA's activities but let him/her
do the bl$$dy job!

/H
Jun 27 '08 #3
