Opinion (how you would do it..?)

  • I have been in debate for quite some time and am curious for some input.....

    First off, if a company has a DBA group and a security group, who should be the one that A.) creates SQL Roles and B.) assigns permissions to Roles?

    From my point of view, I 100% feel this is a security duty. Because if Security is limited to only applying roles to Logins, where is the real Security w/ this!? That would be like Security only applying Active Directory Groups to AD users and having the System Administrators apply the permissions.

    Thoughts?

  • A security group might define what various parts of the business should be able to do, but the DBA should work out how these will be enforced within SQL and set them up.

    In fact this should all be part of the design of the app; I would not expect the security team to do any more than OK it.

  • I agree that it should be required by the app, but I would imagine it should also be applied by the security group.

    It would all point back to separation of duties. If it's okay for DBAs to assign security, what is the point of a security group? I mean, how would anyone expect them to 'approve' something when they wouldn't be involved deep enough to understand what is being done/requested?

  • Exactly, I don't think a security group should get involved at this level of detail, just satisfy themselves that protection of data has been taken into account.