ERP Associates, Inc. - Why can't we just get along?

Why can't we just get along?

Wednesday, 01 March 2006

In many IT organizations, there is tension between the PeopleSoft administrators and developers and the Database Administrators. The DBA's don't want the crazy developers and administrators building their own tables because who knows what kind of DDL parameters they may enter or forget to enter. Developers hate trying to track down a DBA for every little index, column, or table. Administrators hate having to wait for the DBA to build tables during the periodic migration window.

One of my fondest memories was during crunch time of a 7.5 to 8.3 HRMS upgrade. We had tons of deliverables and very little time, and the client PeopleSoft production administrator was also the upgrade architecture team lead. Maybe she HAD ignored a request or two from the DBA to analyze all of the 7.5 production SQL to make sure it worked with the COST-based optimizer, because EVERYBODY who knows ANYTHING knows that COST-based kicks RULE-based's butt every time. But there weren't any big problems with performance and we were upgrading and moving to cost based anyway, so what was the big deal?

Well, we were on the way to a meeting when we got a call from a user. Payroll had been running 12 hours and things weren't looking good. After a little digging, we discovered that the DBA had switched the production database from rule-based to cost-based just prior to the payroll cycle.

He was totally unapologetic, and relucantly switched the DB back to RULE based only after threats from his boss. Fortunately for us he was moved off of PeopleSoft support shortly thereafter.

So besides a ropes course or a team building retreat in the mountains where DBA's and PeopleSoft Techies all sing kum-by-yah around the campfire, how do we get some trust between all of the parties involved?

Well, I have no idea. But here are some things that everybody should understand:

DBA's have a legitimate right to control the DDL that executes on their database. Yes, I hate to admit it but they do. There's more to creating a table than creating a table. You have to think about tablespaces, sizing, synonyms, grants, statistics, etc. Each database has its own quirks, and the DBA is the only one who knows them all.

You can control to a great degree the DDL PeopleSoft generates by changing your ddl<dbplatform>.dms in $PS_HOME/scripts and running it in data mover. I used this to make PeopleSoft use the FREELISTS directive which made our DBA much happier about auto-generated DDL. See also this link from IT Toolbox which gives you more detail on the process.

PeopleSoft's upgrade tools like Change Assistant and Migration Assistant don't really support a separation of duties between the PS Admin and the DBA. If the administrator decides to apply a patch, Change assistant is going to download the patch, apply the patch to the database, and do any database creates and alters it deems necessary. Modifying this behavior isn't always easy or a good idea.

Yes, the project team really does need all of those databases. It just makes a lot of sense to create multiple databases for different tasks so things can happen in parallel. And if you're in production support mode, SOX requires separation of testing duties which requires seperate databases. But there are ways to automate database refreshes -- your admin should be able to help.

Don't try to keep the schema owner password (usually SYSADM in Oracle. DB's) away from the administrators. There are ways to get it through the application anyway if you have the right security, and administrators always have the right security.

Developers legitimately need SYSADM in the Development environment. They need to be able to experiment and rapidly try different approaches. But developers shouldn't have it in other databases. SOX and common sense require a little more structure to non-development DB's.

That's it for now. Please post a comment and let me know what I missed or what you might not agree with.

Comments (3)

... : Brent Martin

This topic was actually suggested by my friend Paco. I think there's a constant state of tension between application people and infrastructure people. With Sarbanes-Oxley, I guess that there's now tension with security people too.

I've usually seen the security issue dealt with by designating one of the test environments as a "security" environment where security is finalized and unit tested. I don't normally think of security (at least in PS) as a technical responsibility. PeopleSoft's rigid Page>Component>Menu structure allows security to be safely dealt with later in the cycle by non-developers.

I've seen time and time again where restrictions in the development environment has significantly lengthened development times causing key milestones to be missed with very little benefit in terms of accountability or control.

March 02, 2006

Comment from David Vandiver : David Vandiver : http://www.fusiontricks.com

Derek

To follow up with what Brent said, the whole process can slow down if you start to limit your developer in development. I usually suggest the security be built and tested in a testing environment. Though many projects I've been on didn't have a testing database on day one, seldom does security need to be nailed down at the begining of a project. Some of the security can't even be addressed until your developers have "built" the new pages (customization slope ahead...but we live for it).

The more you allow your developer to experiment in DEV, the more knowledgable they can be. I would step out on a limb and say that most of PeopleTools is learned thru experimenting with the product. We don't limit young drivers to just the backroads until they're 21 (I hope this is a wise analogy).

Best of luck.

David Vandiver

Consulting at the University of Houston

March 02, 2006

Comment from Derek : Derek : http://highlifeheaven.blogspot.com

Thank you both for your comments/responses.

David,

That is exactly the point I am trying to make to our infrastructure team. I hope they listen!

Thanks again

Derek

March 03, 2006

Write comment

Last Updated ( Thursday, 02 March 2006 )

< Prev		Next >

[ Back ]

Main Menu

Most Popular

Blog Roll

categories

Latest in Blog

Who's Online

Syndicate

CB Login

Recommended Products