DBA328 (8/2/2012)
Oracle has a SYSOPER privilege allows opration such as:instance startup,mount & database open;
alter database backup archive log and restore
This privilege allows the user to perform basic operational tasks without the ability look user data.
I know this SYSOPER could limit DBA powers, but some company has different DBA roles. And it better not allow DBA to access database directlly after application implemantation.
SQL server has the same equivilents...if i need someone who only is going to do operating system backups, i can assign the proper roles. The issue is the sysadmin role itself. someone needs to be in that role, even if it is unused, in order to actually do administration.
kind of like saying the person who is the president of the company should not have access to the financial information of the company, because he could abuse it.
As said in thousands of similar posts here: if you cannot trust the person in the role, remove the person.
Lowell