July 30, 2019 at 12:54 pm
In a team of DBAs tasks are not separated. All the team members do same kind of tasks. Do we need to create separate logins and users for each of them and assign the same role to all or all of them can use the same account? Which is better from the perspective of security.
July 30, 2019 at 1:06 pm
It is not only about security dont forget about:
- possibly tracking who does what
- more problematic: isnt the user blocked when someone else is already logged in? so it might cause troubles if more than 1 needs to do something but the user is already in use
I want to be the very best
Like no one ever was
July 30, 2019 at 3:52 pm
One DBA can change password for such sole login and no one will connect.
security best practices (minimum) : each dba has its own login, all logins are in AD group, this group has sysadmin access.
July 30, 2019 at 4:22 pm
I whole heartedly agree. Each DBA must have their own login for accountability purposes. I'll also state that each DBA login must be an Active Directory login that follows enforced password requirements policies and regular password changes. Even if you don't agree, you should do it because it's necessary to pass a multitude of audits.
--Jeff Moden
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply