On Mar 25, 2019, at 9:09 PM, Peter McLarty <peter.mclarty63@gmail.com> wrote:
The governance committee would have a fit about that security. That would set up the possibility of the DBA logging in as an application service user or some other user and edit data implicitly implying that the service account or the user has been hacked as the edits came from that user in the audit logs.
The audit logs … that the admin can falsify anyway? An application service that likely has its credentials stored on the same server over which the admin has total access? User credentials that very likely are stored in ~/.my.cnf?
Yes by nature the DBA is god and this is true in all databases. SOX based users in the US will talk about all the problems they have been dealt with by auditors when addressing compliance.
What I’m getting at is not that “DBA is god” so much as that “sysadmin is god of gods”. The idea of “DBA” just means someone who can do anything at all within the DB. But a local administrator, who can SIGKILL the DB (as opposed to asking the DB to shut itself down), who can edit the actual DB files manually, who can swap out anything for anything else, is another level of privilege. *That* user should have no need for credentials: they are who they say they are by the nature of what a sysadmin is. -FG