DBA and system access

Posted on 2009-02-21
Medium Priority
Last Modified: 2012-06-21
A general question for DBAs:

Do the DBAs need admin rights on the boxes that run database servers, no matter what kind, or not?

Our operation guys say that we don't need that access nor do we need to even use RDC to connect to the servers in order to perform our DBA duties. Using the DBA tools like Enterprise Manager or Management Studio for MS-SQL, Toad or SQL Tools for MySQL and Oracle, should be more than enough, they say. With MySQL on Linux we use Putty to connect to the boxes or Toad to check or write code but we don't have admin rights on them.

I would like to hear opinions on this matter.

Question by:Zberteoc
LVL 26

Expert Comment

ID: 23700424
This is my personal opinion and may vary to other experts..

In my opinion DBA's should have non-root access to the servers and some times he might need sudo access.

In the past couple of years I have observed this - what happens is when an operation guy gets frequent requests from dba group for small small tasks initially operation guy does this promptly.. this happens for sometimes and willingly or unwillingly operation guy has to give him admin rights so that in his absence dba can take care of tasks which he thinks dba can do...so one fine day operation guy decides to give him rights  (sudo'ers list) ..

LVL 27

Author Comment

ID: 23700446
Who should be responsible with the installation/upgrade of the database softwares and service packs when needed, operation guys or DBAs.
LVL 26

Accepted Solution

Umesh earned 400 total points
ID: 23700485
>>Who should be responsible with the installation/upgrade of the database softwares and service packs when needed, operation guys or DBAs

Not sure about Oracle and rest but when it comes to MySQL its DBA's.. because of that they need sudo access. But this installation/upgrades happens once in a while & not often.
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Assisted Solution

Prasenjit_Dutta earned 400 total points
ID: 23700901
DBA should have Admin rights on the server. Activites like test/installation/upgradation of the database softwares and service packs, requires admin rights.Moreover, as per corporate policies, DBA need to ensure some security settings,health checks which can not be performed without admin rights.
LVL 22

Assisted Solution

dportas earned 400 total points
ID: 23700918
As a DBA it's not normally essential to have root/administrator access to the OS, but that will depend on what kind of service the server operations team are willing and able to provide to the DBA. DBMS installations and upgrades I would expect to be responsibility of whoever administers the server, not necessarily the DBA.
LVL 35

Assisted Solution

by:Mark Geerlings
Mark Geerlings earned 400 total points
ID: 23701694
Installing, upgrading or even applying some patches of Oracle software will require at least "sudo" permission on Linux or UNIX systems, or "Local Administrator" rights on Windows servers.  Depending on the skills and availability of the server admin(s) for times when Oracle work requires admin access, it is often simplest if the Oracle DBA has admin rights on the server.  But this will vary by organization. Most of my experience has been in smaller organizations that either didn't have full-time system administrators, or the system administrator had enough to do and really didn't mind not being responsible for the Oracle servers.  For most of my Oracle DBA carreer, if have had system admin privileges on the Oracle servers (but maybe many other Oracle DBAs have not had this?).
LVL 48

Assisted Solution

schwertner earned 400 total points
ID: 23705381
The answer depends on many details.

1. Do the DBA know good enough to work with the particular OS
2. Are on the system other important systems/applications that could be collapsed by the errors of the DBA
3. Which are the internal security regulations of the organization.

In many times the DBA needs root privilege: to investigate the kernel parameters of Unix OS, to ensure automatic start/stop of the instance and all suplemental program components (Listener, OEM, etc.), in some 10g versions only root can kill one of the Oracle processes that prevents the activity of the Universal Installer, the DBA needs to create new directories and to grant the 'oracle' user ownership over the new directory. Also if a disk space is full without root access it is practically not possible to find solution - changes in the disks configuration are practically done on behalf of the root.

From other side lack of root privilige can help the DBA to find a 'political' excuse for some issues and even rude errors. So this should be clearly explained the decissionmakers in the company and a frank solution should be found.
LVL 27

Author Closing Comment

ID: 31549584
As with these question there is never a unique answer I awarded everybody with equal points as each answer can be considered as correct. All in all my question was answered and I thank all for your help. I wanted to give more points to the question but the system doesn't allow it.

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog post, we’ll look at how using thread_statistics can cause high memory usage.
Recursive SQL is one of the most fascinating and powerful and yet dangerous feature offered in many modern databases today using a Common Table Expression (CTE) first introduced in the ANSI SQL 99 standard. The first implementations of CTE began ap…
Via a live example, show how to shrink a transaction log file down to a reasonable size.
This video explains what a user managed backup is and shows how to take one, providing a couple of simple example scripts.
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question