Comments (4)

  1. Great piece of advice. With data comes great responsibility, and as data professionals we must realize that the always hurry up and get it done routine is not the best avenue to take. Well said on all fronts. Thanks for that

    1. Thanks! People seem to think I’m a bit on the strict side.

  2. While there are mechanisms in place for a lot of this stuff, I have found pushing the onus back on the team’s themselves to be the best option.

    Requiring the use of security groups for all access helps in the formulation of policy. Then the policy-maker is on the hook for allowing someone specific levels of access by adding them to required security groups.

    Internally, there is even a tool that will help enforce this type of policy, thankfully, including auto-approval.

    I do agree that making security a part of your toolbox is vital.

    1. FIM is available externally as well. It doesn’t do everything that the internal tool you’re referring to does, but it does a lot.

      That said, I’m not a huge fan of giving ownership of the group to an outside party. I would rather own the group and control who can be a member because I’ve seen it abused too many times. Unfortunately, in some places, there are too many groups for a small DBA team to try to manage themselves, and it is best to give the group ownership to someone else to control for an application they own. You just have to educate them on what that means.

Leave a Reply