[BBLISA] Guidelines for giving full root access to DBAs

Dean Anderson dean at av8.com
Mon Aug 21 15:26:29 EDT 2006 

On Sun, 20 Aug 2006, Sharon Nagao wrote:

> I was informed last week by my manager that the DBAs is to have full root
> access to all Dev and Test servers in our environment.  

This is a too-frequent reaction from admins in an engineering
environment. Admins are taught to establish backups, stability, and 
security, without much reference to when these goals are unnecessary or 
inappropriate. 

The key term is here is "Dev and Test". In every development environment
I've worked in, the "Dev and Test" servers are generic boxes, whose up
or down time is entirely up to the engineering department.  The
professional sys-admin's assist the engineers with know-how on things
like 'what has to be plugged where', or 'how do I get started with
installing a new OS' but don't have a lot of responsibility for the
uptime of the system. By definition, "dev and test" systems have a lot
of downtime as engineers reconfigure for different environments.

I wouldn't worry too much about 'dev and test' systems.  Help the
engineers run them.  But production level monitoring is not needed,
since the machines only exist for the purpose of installing and testing
new software. Backups aren't usually needed, and frequent
re-installation from scratch is a good thing for engineering.

DBA's probably wouldn't need root access to a production machine, but
root to devel is frequently essential.  This is good advice to the
engineering staff--they need to remember that certain activities in
production environments won't be given to end users or even to DBAs.  
But remember that you probably don't want to become a member of the QA
staff, either.

It's when the systems need to be backed up and kept stable and kept
secure that you need to get involved with production-type monitoring and
restrictions. Those are your "trigger words".  If you don't need these
things, then you don't need restricted control either.

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000

More information about the bblisa mailing list