Companies prefer to segregate the duties of database administrators.
The segregation of duties for a database administrator (DBA) refers to the duties that this individual is responsible for, and how (or to whom) they are delegated. Because the maintenance and upgrading of a database is often a large project, many individuals are needed to fulfill the role efficiently. Each person might have only a certain degree of access to the database, usually leaving full access to a central administrator.
Duties
A database administrator will generally have a variety of duties to either delegate to other professionals or undertake himself. These duties include troubleshooting (answering or dealing with problems that may arise within the system), performance optimization (making sure the database runs as smoothly as possible and can be improved), database creation, startup and shutdown (the basic function of this role) and system security (protection from internal and external threats). Delegating these and other functions is a clear must for any institution using a large database. Giving all of these duties to one individual is known as a "security red flag" and invites trouble in the future.
Advantages of Segregation
The segregation of duties is a preferable option for businesses and auditors for a few reasons, mainly to do with either accidental or deliberate error. A single database administrator would have a great deal of control over a system database, whereas delegating the job's multiple duties spreads the responsibility, and therefore the level of access, across a wide range of personnel. This makes accidental errors easier to spot; an error is likely to negatively affect another individual, leading to a quicker realization that something has gone wrong. Segregating duties also makes deliberate fraud more difficult, as such an event would need the collusion of multiple members in order to succeed.
Administrator Controls
Controls on the central database administrator are vital, as it wouldn't be worth going through the trouble of delegation for security when a single individual can bypass these controls. Restrictions must be placed on the administrator in order to safeguard the integrity of the database. For instance, you might have another individual review any and all updates the administrator makes to the database. Other controls should include read-only access when it comes to the day-to-day operations of the database and other important functions (i.e. movement of production, scriptwriting). Only in the case of emergencies should a database administrator be given full unrestricted access.