Oracle Database Administrators Fear the 'Super User'

By John Hazard  |  Posted 2008-09-25

What keeps Oracle database administrators up at night? Cranky servers? Hackers? Pushy vendor reps?

It's their colleagues. Specifically, managers, administrators, consultants and partners, dubbed "Super Users," who have heightened access privileges. Such users could compromise enterprise data, either maliciously or unintentionally, and that worries Oracle DBAs more than any other threat, according to a recent survey, "Enterprise Data Insecurity: Are Organizations Prepared for the Threat from Within," commissioned by the IOUG (Independent Oracle Users Group).

The survey recounts the DBAs' concern over users with too much power to alter the data and upset the applecart.

  • Sixty percent of respondents said they are powerless to prevent users from reading or tampering with sensitive information in financial, HR or other business applications.

  • Thirty-one percent said users can bypass applications and gain access to application data in the database directly using ad hoc tools.

  • Thirty-nine percent said they don't have the monitoring capability to even know when such an event occurs. Another 25 percent couldn't answer the question.

In other words, a disgruntled insider, whether an employee of your company or a consultant, might have the ability to access, read and alter HR, payroll and customer data, undetected.

You Can't Trust Your Data

It's not just a security threat. It also means you can't trust your data or anything based on it.

Consider the statement of one respondent to the survey who told questioners that at his company there is "absolutely no security access defined for internal employees. Employees do everything their own way and do not follow any strict guidelines."

Another said, "Privileged users that have access to the data sometimes pull that information out into departmental developed systems and manipulate the data for reporting purposes. At that point the data is out of the control levels available to ensure validity. Without executive support to stop this type of practice, there is no guarantee about the accuracy of the reported information."

Only 26 percent of DBAs reported they have safeguards to prevent a database administrator from accidentally dropping a table or unintentionally causing harm to critical application databases.

This means that without these safeguards and monitors, the data you're relying on to feed your business intelligence applications, report to government regulators and maintain for e-discovery purposes, the data that forms the bedrock of your business decisions, is in jeopardy because a "Super User" has the ability to drop a table from a database.

Rocket Fuel