I need to get some feedback about DBA Contractor access to our company databases. I am a DBA and from time to time we get DBA contractors in to perform development work on specifc systems. The group that they current get added to gives them access to all systems in the company (we have a lot of systems from payroll to customers etc). I might add that our company is a well known financial institution in our country.
How are other DBA's treating contractors in their company. I have no problem giving them the access they need to perform the task that they are contracted to do, but should they get full access?
How does this fit in with Sarbanes Oxley?
Your feedback would be much appreciated.
as an independent DBA I encounter this often. If I'm to perform dba tasks on prod systems then I need the access to do the task. I know SOX prefer it that you log on as an account under your own name, so there's some sort of audit trail, and they prefer that you are not a sysadmin - but it's not possible to have a system without sysadmins - I usually connect with integrated security through a DBA group - seemed fine for them.
Don't know if this helps at all?