Questions

Answer for:

Auditing Administrative Access

Message 2 of 2

View entire thread
+
0 Votes
robo_dev

First of all, is there somebody else whose job it is to run the server, or is your DBA the guy?

If there is a separate team that does the server administration, then no, the DBA should not have root access to the server.

But, in small shops, there is no way to segregate duties when it's one person.

Normally the DBA should not have system access since he can get rid of logs or potentially something worse.

One way to fix it is to send logs to a separate server where he does not have root access.