lianvh (8/2/2012)
Good Day ,our IT Auditors suggested the database administrators should not be able to view the Production data . Is there way to do that or should we rather invest in audit trail software that sends out a notification when certain userids are accessing the data ? Any ideas ?
I think its overkill from an auditors perspective. There is no real way to prevent a DBA from viewing data without potentially restricting their ability to do their job.
Having worked in the strictly regulated finance industry I can say that viewing data is different to fully understanding data. Segregation of duties provides this distance where required and possible.
Alternatively you should be auditing all DBA access to data and/or systems so that an explanation of why they did this and when can be traced to a change request.