10 Replies. Latest reply: Feb 18, 2013 12:53 AM by Nicolas.Gasparotto

    Sysadm access

    ranjitkumar
      Hi,

      We are running CRM 8.9 and pt849 on DB2 9.7.

      We are using a DB-level ID with sysadm access. Now the DB2 DBA wants to remove the sysadm access because of some audit. He is asking me what level of access I need for this ID. I don't know what I should reply to him. Can anyone help?
        • 1. Re: Sysadm access
          Michel
          Tell your DBA that he should leave the SYSADM account alone. SYSADM is the database owner.
          • 2. Re: Sysadm access
            ranjitkumar
            We are using a DB ID (stgcrm) that has sysadm access. Now he wants to reduce the level of access (from sysadm). He doesn't want to give me full DB access. So what level of access should I ask him for, for the ID stgcrm?
            • 3. Re: Sysadm access
              Michel
              I'm confused. Does your DBA want to reduce access for SYSADM or for the STGCRM account? I'm not sure what you are using the STGCRM account for.
              • 4. Re: Sysadm access
                ranjitkumar
                He granted sysadm access to the stgcrm account (they are not sharing the sysadm ID with me). Now he wants to reduce the level of access for the stgcrm ID.
                • 5. Re: Sysadm access
                  Michel
                  I've never heard of the STGCRM account; this isn't a standard PeopleSoft account. I'm not sure what you're using the STGCRM account for, but if it is for executing SQL statements on the database, the access level can safely be reduced. You'll have to tell your DBA what you're using the account for. He should be able to reduce the level of access based on that information.
                  • 6. Re: Sysadm access
                    Nicolas.Gasparotto
                    he granted sysadm access to stgcrm account
                    I don't know what that means exactly; I'm not a DB2 guy, though. However, every application has its own specifications at the database level, and the SYSADM account is a special account. You can certainly revoke DBA access; that's more or less it.
                    What else is your DBA expecting?

                    Nicolas.
                    • 7. Re: Sysadm access
                      ranjitkumar
                      PFB the reply from my DBA. Now what access should I ask him for?


                      "We have an audit requirement to audit dbadm access to the database. If the application continues to use this level of access it is likely that a hardware uplift would be required to support CPU and DISK required to audit all sql through the system. The audit is only really interested in DBA access not applications access.

                      Can you determine what access you require, then I can grant this access, i.e. create table, indexes tablespaces, read data, delete data, start traces, etc. Then I can remove DBADM access from STGCRM with no issue."
                      • 8. Re: Sysadm access
                        Nicolas.Gasparotto
                        Is STGCRM your access ID?
                        Anyway, again, I'm not a DB2 guy, but on Oracle you can revoke DBA from SYSADM. Now I hope you know some equivalent for DB2 (looks like it is DBADM).

                        Nicolas.
                        • 9. Re: Sysadm access
                          ranjitkumar
                          Yes, STGCRM is my access ID. My DBA says he wants to remove DBADM access (sysadm in Oracle) and will provide DATAACCESS at database level. I am not sure whether this will cause any issues?
                          • 10. Re: Sysadm access
                            Nicolas.Gasparotto
                            ranjitkumar wrote:
                            Yes, STGCRM is my access ID. My DBA says he wants to remove DBADM access (sysadm in Oracle) and will provide DATAACCESS at database level. I am not sure whether this will cause any issues?
                            I'm afraid SYSADM is neither a role nor a privilege that you can "remove". Again, I assume it is DBA which can be revoked. I do not know what DATAACCESS covers in DB2, but the user must be able to create/drop table/view/index.

                            Nicolas.
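
The change discussed in this thread (dropping DBADM from STGCRM and granting DATAACCESS plus the object-creation rights mentioned in the replies), written out as DB2 9.7 statements. This is an added example, not part of any reply above: the schema name CRMOWNER and tablespace name CRMTS are hypothetical, and whether this set is sufficient for PeopleSoft is an assumption to confirm on a non-production copy.

```sql
-- Added example. CRMOWNER (schema) and CRMTS (tablespace) are hypothetical
-- names; substitute the real ones. Run as a user holding SECADM, which in
-- DB2 9.7 is the authority that can grant and revoke DBADM and DATAACCESS.

-- 1. Record what STGCRM holds at database level before changing anything.
SELECT GRANTOR, GRANTEE, GRANTEETYPE,
       DBADMAUTH, DATAACCESSAUTH, ACCESSCTRLAUTH,
       CONNECTAUTH, CREATETABAUTH, BINDADDAUTH, IMPLSCHEMAAUTH
FROM   SYSCAT.DBAUTH
WHERE  GRANTEE = 'STGCRM';

-- 2. Grant the narrower replacement set first, so the application ID never
--    passes through a state with no access at all.
GRANT CONNECT, CREATETAB, BINDADD, IMPLICIT_SCHEMA
      ON DATABASE TO USER STGCRM;          -- connect, create tables/packages
GRANT DATAACCESS ON DATABASE TO USER STGCRM; -- read and change data in all tables
GRANT USE OF TABLESPACE CRMTS TO USER STGCRM;
GRANT CREATEIN, ALTERIN, DROPIN
      ON SCHEMA CRMOWNER TO USER STGCRM;   -- create/alter/drop objects in the schema

-- 3. Remove the administrative authority the audit is concerned with.
REVOKE DBADM ON DATABASE FROM USER STGCRM;

-- 4. Verify the result. Expected: DBADMAUTH = 'N', DATAACCESSAUTH = 'Y'.
--    If ACCESSCTRLAUTH still shows 'Y', revoke it explicitly with
--    REVOKE ACCESSCTRL ON DATABASE FROM USER STGCRM.
SELECT GRANTEE, DBADMAUTH, DATAACCESSAUTH, ACCESSCTRLAUTH,
       CONNECTAUTH, CREATETABAUTH, BINDADDAUTH, IMPLSCHEMAAUTH
FROM   SYSCAT.DBAUTH
WHERE  GRANTEE = 'STGCRM';

-- 5. Confirm the schema-level and tablespace-level grants landed.
SELECT SCHEMANAME, CREATEINAUTH, ALTERINAUTH, DROPINAUTH
FROM   SYSCAT.SCHEMAAUTH
WHERE  GRANTEE = 'STGCRM';

SELECT TBSPACE, USEAUTH
FROM   SYSCAT.TBSPACEAUTH
WHERE  GRANTEE = 'STGCRM';
```

Keeping the output of step 1 gives the DBA a record to restore from if an application process fails after the revoke.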