Auditing Administrative Access

By sdtate ·
I have a DBA who is also a local administrator on the application server for the application he does DBA work for. He is also a local admin on his SQL server box. Is any of this inappropriate or create an SoD issue?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Maybe yes, maybe no

by robo_dev In reply to Auditing Administrative A ...

First of all, is there somebody else whose job it is to run the server, or is your DBA the guy?

If there is a separate team that does the server administration, then no, the DBA should not have root access to the server.

But, in small shops, there is no way to segregate duties when it's one person.

Normally the DBA should not have system access since he can get rid of logs or potentially something worse.

One way to fix it is to send logs to a separate server where he does not have root access.

Related Discussions

Related Forums