DBA and system access

Posted on 2009-02-21
Last Modified: 2012-06-21
A general question for DBAs:

Do the DBAs need admin rights on the boxes that run database servers, no matter what kind, or not?

Our operation guys say that we don't need that access nor do we need to even use RDC to connect to the servers in order to perform our DBA duties. Using the DBA tools like Enterprise Manager or Management Studio for MS-SQL, Toad or SQL Tools for MySQL and Oracle, should be more than enough, they say. With MySQL on Linux we use Putty to connect to the boxes or Toad to check or write code but we don't have admin rights on them.

I would like to hear opinions on this matter.

Question by:Zberteoc
    LVL 26

    Expert Comment

    This is my personal opinion and may differ from other experts'.

    In my opinion DBAs should have non-root access to the servers, and sometimes they might need sudo access.

    In the past couple of years I have observed this: when an operations guy gets frequent requests from the DBA group for small tasks, initially he does them promptly. This goes on for some time, and willingly or unwillingly the operations guy has to give the DBA admin rights so that in his absence the DBA can take care of the tasks he thinks the DBA can handle. One fine day the operations guy decides to give him rights (the sudoers list).

    LVL 26

    Author Comment

    Who should be responsible for the installation/upgrade of the database software and service packs when needed, operations guys or DBAs?
    LVL 26

    Accepted Solution

    >>Who should be responsible for the installation/upgrade of the database software and service packs when needed, operations guys or DBAs

    Not sure about Oracle and the rest, but when it comes to MySQL it's the DBAs, and because of that they need sudo access. But these installations/upgrades happen once in a while and not often.

    Assisted Solution

    The DBA should have admin rights on the server. Activities like testing, installation and upgrading of the database software and service packs require admin rights. Moreover, as per corporate policies, the DBA needs to ensure some security settings and health checks, which cannot be performed without admin rights.
    LVL 22

    Assisted Solution

    As a DBA it's not normally essential to have root/administrator access to the OS, but that will depend on what kind of service the server operations team are willing and able to provide to the DBA. DBMS installations and upgrades I would expect to be the responsibility of whoever administers the server, not necessarily the DBA.
    LVL 34

    Assisted Solution

    by:Mark Geerlings
    Installing, upgrading or even applying some patches of Oracle software will require at least "sudo" permission on Linux or UNIX systems, or "Local Administrator" rights on Windows servers. Depending on the skills and availability of the server admin(s) for times when Oracle work requires admin access, it is often simplest if the Oracle DBA has admin rights on the server. But this will vary by organization. Most of my experience has been in smaller organizations that either didn't have full-time system administrators, or the system administrator had enough to do and really didn't mind not being responsible for the Oracle servers. For most of my Oracle DBA career, I have had system admin privileges on the Oracle servers (but maybe many other Oracle DBAs have not had this?).
    LVL 47

    Assisted Solution

    The answer depends on many details.

    1. Does the DBA know the particular OS well enough to work with it?
    2. Are there other important systems/applications on the system that could be brought down by the DBA's errors?
    3. What are the internal security regulations of the organization?

    Many times the DBA needs root privilege: to investigate the kernel parameters of the Unix OS; to ensure automatic start/stop of the instance and all supplemental program components (Listener, OEM, etc.); in some 10g versions only root can kill one of the Oracle processes that prevents the activity of the Universal Installer; and the DBA needs to create new directories and grant the 'oracle' user ownership over the new directory. Also, if disk space is full, without root access it is practically impossible to find a solution: changes in the disk configuration are in practice done on behalf of root.

    On the other hand, lack of root privilege can help the DBA find a 'political' excuse for some issues and even rude errors. So this should be clearly explained to the decision-makers in the company, and a frank solution should be found.
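
Added example (not part of the thread or any poster's configuration): a scoped sudoers drop-in covering some of the root-only tasks listed in the answer above, next to the blanket grant it replaces. The `dba` group, the `oracle-db.service` unit name, the binary paths and the `dba-mkdir` wrapper script are assumptions for illustration.

```sudoers
# /etc/sudoers.d/dba  (always edit with: visudo -f /etc/sudoers.d/dba)
# All names below are assumptions: group "dba", unit "oracle-db.service",
# binary paths as on a typical systemd-based Linux, hypothetical wrapper script.

# Broad grant this file is meant to replace (full root for every DBA):
# %dba ALL=(ALL) NOPASSWD: ALL

# Start/stop of the instance and its listener through one service unit.
# Exact arguments are listed, so no other unit can be controlled.
Cmnd_Alias DBA_SERVICE = /usr/bin/systemctl start oracle-db.service, \
                         /usr/bin/systemctl stop oracle-db.service, \
                         /usr/bin/systemctl restart oracle-db.service

# Read-only look at kernel parameters; "sysctl -w" is not granted.
Cmnd_Alias DBA_KERNEL = /usr/sbin/sysctl -a

# Hypothetical root-owned wrapper that creates a directory under the database
# mount point and chowns it to oracle. A wrapper is used instead of wildcarded
# mkdir/chown rules because wildcards in sudoers command arguments also match
# "/" and spaces, which would let extra paths be appended.
# The script must validate its own argument.
Cmnd_Alias DBA_DIRS = /usr/local/sbin/dba-mkdir

# Keep a session log of everything the group runs through sudo.
Defaults:%dba log_output

%dba ALL = (root) DBA_SERVICE, DBA_KERNEL, DBA_DIRS
```

Check the file with `visudo -cf /etc/sudoers.d/dba` before relying on it; a syntax error in a drop-in can lock everyone out of sudo.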
    LVL 26

    Author Closing Comment

    As with this kind of question there is never a unique answer, I awarded everybody equal points, as each answer can be considered correct. All in all my question was answered and I thank all for your help. I wanted to give more points to the question but the system doesn't allow it.
