Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: ASiddins
New Today: 30
New Yesterday: 44
Overall: 146540

People Online:
Visitors: 38
Members: 2
Total: 40 .

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Who is allowed Raw Database Access?
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Who is allowed Raw Database Access?

 
Post new topic   Reply to topic    ITIL Forum Index -> Change Management
View previous topic :: View next topic  
Author Message
Al_Rel-EZ_Al
Newbie
Newbie


Joined: Aug 10, 2010
Posts: 9
Location: Sydney Australia

PostPosted: Thu Aug 19, 2010 5:36 pm    Post subject: Who is allowed Raw Database Access? Reply with quote

Hi guys. In an age where everything is stored electronically, databases drives virtually every aspect of a business. Which is why I believe that this is a particular area Change Managers should be extremely strict about.

In a client of mine, due to the nature of 'urgent fixes', at times Developers are given Production DB access to either,
1) query, simulate the issue or
2) fix it directly QUICK QUICK!

Such practice has eventually given the rise to some of our BAs even having direct access to PROD too!

It is a shocker I know!!!

I often think about the risks involved, as sometimes these changes to the PROD environment do not go through proper CM processes and even though each step taken may be written down somewhere ... there could have been accidental mistakes resulting in enormous cost to recover or fix corrupt data etc, or worst, the organisation very well could have been defrauded through some form of embezzlement un-beknown to them.

As I think about this, I decided to take the step further, even people in Production Support or DBAs at the end of the CM process, even them having direct prod access could be a risk to a business. Often a CR would have been created, gone through the cycles, and then it is up to Prod support to execute the final steps in Prod. Who is to say that they would not do something outside the realms of the CR as they perform the execution?

I think the solution is in Software Automation which is why I have put together my Software. Because Software Automation will be able to track the changes, and even automate the change deployment! Which is what my tool does for DBs.

But I wanted to know from this forum, what are permissible buffers organisations are willing to accept to allow individuals to have direct raw database access?

I have often heard the saying, "If you can't trust them doing the job, you can't trust anyone"... and with Billions of Dollars worth under management... I kind of NOT want to trust anyone. Any thoughts?
_________________
Al_RelEZ_Al
Back to top
View user's profile Send e-mail Visit poster's website
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3315
Location: London, UK

PostPosted: Thu Aug 19, 2010 5:48 pm    Post subject: Reply with quote

First

Quit doing sales in this forum. You have already posted more than once about your application.

Second.

This can be easily controlled by proper ITIL oriented, SOX oriented, CoBIT orient Change Management and Release Management process

Instead of tryign to sell them a tool, have them change their processes so things like this does not happen

It does not happen where I am or have been as this is the first thing I try to control
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
Back to top
View user's profile
ITILadmin
Senior Itiler


Joined: Oct 19, 2004
Posts: 167

PostPosted: Thu Aug 19, 2010 6:15 pm    Post subject: Reply with quote

I have edited his post and a final warning has been sent. Some vendors never seem to get that this sort of thing actually damages them rather than helps them.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Change Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.