Access Security Reminder

[Joseph Meehan]

Access security can make gaining access to the data and design of a
database very difficult without the knowledge and administrative access to
the database. Many of us have business critical data in secured databases.
We hopefully have made provisions to assure regular backups of data.
However we may have neglected another issue.

Upon the end of our employment, a succession plan needs to be in place.
There needs to be people with the information and skills to provide
continued use of that data. That means someone else needs full
administrative access to the data and all the information needed to
administer it.

I suggest that every workplace should have at least two backup people
for every critical database. Further I suggest that this be reviewed on a
regular bases, like once a year, maybe at the same time the backup
procedures are reviewed (you are doing that aren't you?)

I would suggest that anyone failing to provide this kind of insurance to
their employer or customer is not doing their job and should not consider
themselves a professional.

It is easy to overlook this or to not bother, but it truly is important.

It is good to remember that while I retired and I was able to take the
time to plan a hand off of duties, not everyone is able to do that. One of
the Administrators I worked for died suddenly and totally unexpectedly
shortly before I retired. He did properly document his job, but I fear not
all of us do as well. The unexpected does happen so please put this on the
top of your to do this week list.

 

[Guest]

Very good point indeed. A few years ago the senior DBA and I on a large
Oracle database were arguing about give someone in management a copy of all
the passwords. She was against it. We were arguing while driving to a meeting
on a very busy, dangerous stretch of highway. Had we both died in an
accident, the company would have been out of luck. I gave our boss a copy of
the passwords and he put them in a company safe. Part of my quarterly jobs is
to change passwords and I give management a copy of the changes.

On the flip side I know of two cases where employees quit and did not give
anyone a copy of the passwords nor would the return any phone calls. Managers
should demand copies of passwords and test that they work frequently. Then if
an employee changes a password just before quitting, legal action might be
effective.

 

[Joseph Meehan]

Very good point indeed. A few years ago the senior DBA and I on a
large Oracle database were arguing about give someone in management a
copy of all the passwords. She was against it. We were arguing while
driving to a meeting on a very busy, dangerous stretch of highway.
Had we both died in an accident, the company would have been out of
luck. I gave our boss a copy of the passwords and he put them in a
company safe. Part of my quarterly jobs is to change passwords and I
give management a copy of the changes.

On the flip side I know of two cases where employees quit and did not
give anyone a copy of the passwords nor would the return any phone
calls. Managers should demand copies of passwords and test that they
work frequently. Then if an employee changes a password just before
quitting, legal action might be effective.

All very true.