[BBLISA] Guidelines for giving full root access to DBAs

Sharon Nagao sharon.nagao at gmail.com
Sun Aug 20 11:03:59 EDT 2006


I was informed last week by my manager that the DBAs are to have full root
access to all Dev and Test servers in our environment.  Naturally, I
objected, but to no avail.  I was unprepared to discuss the matter and hence
every objection given was met with criticism and the DBAs responded by
saying that they were professionals and knew what they were doing.

I'm sure many of you will agree with me that most DBAs do not understand the
OS, let alone really understand what they're doing.  They may know their
database and know how much shared memory is required for optimal database
performance, but I do not believe they truly understand how the OS handles
memory or CPU resources.

I was also told that the DBAs will have the right to change kernel
parameters, install patches/fixes/filesets, change permissions, etc. at
will.  If possible, they will give the admins advance notice, but they have
the right to make the changes first and inform the admins afterwards.

This will make it difficult for me to keep the Dev, Test and Prod
environments uniform if the DBAs have the right to make whatever changes
they feel are necessary.

In addition, I am to log everything they do.  I am thinking of using
sudosh.  Has anyone used this tool?  If so, what can you tell me about it?
Is there anything else I might be able to use that works across all Unix
platforms (AIX, Solaris, Linux)?

Does anyone have any experience in their environment where the DBAs have
full root access to Dev and Test servers?  If so, what guidelines/policy, if
any, do you have?

I am not going to let this go.  I am planning to challenge the decision with
management and am hoping to reach a compromise that's acceptable to both the
admins and DBAs.

I feel the DBAs must be held accountable for the changes they make and
should only make changes with the consent of everyone (that means the Unix
admins, management and the DBAs).

I would appreciate it if people would share their experiences with me.  In
particular, I'd like to know what I should look out for, what worked, etc.

Any advice would be most appreciated.


Thank you,
Sharon