| Keep the DBA Out of Your PeopleSoft Data |
|
| Friday, 28 April 2006 | |||||
|
Oracle's Data Vault can effectively keep the DBA from peeking at any PeopleSoft data. It's just a simple matter of using a browser to create a security realm around the SYSADM schema. Check out the viewlet if you don't believe me. Theoretically, it would work. But in the real world I'm not so sure. You obviously have to trust the PeopleSoft Administrator with the SYSADM password (how else would you run the build scripts?). And whoever has SYSADM's password can see everything, data vault or not. In some places, the DBA does both the DBA and PeopleSoft administrator roles, so in this case data vault would do no good. And in other places the PS Administrator does migrations but stops short of actually building the tables. Once again the DBA would need SYSADM's password to execute build scripts. So it's not that it couldn't work, but could you put procedures in place so that DBA's wouldn't need access to log in with SYSADM. And if it's not a DBA, who would you trust? The PeopleSoft administrator? The security administrator? I think I'd have to see a Data Vault for PeopleSoft proof of concept with a some PS techies, DBA's and security experts in the room asking hard questions before I'd invest in Data Vault to protect PeopleSoft data. But in today's security crazy world, it would make a lot of managers and auditors happy if Oracle did make it work.
|
|||||
| Last Updated ( Sunday, 14 January 2007 ) | |||||
| < Prev | Next > |
|---|