Who needs permission?
No, we're the company that actually makes the base software. We get the money if you use the software. It's in our best interest to write as little as possible and do so as cleanly as possible. Now, no app this big and variable is "clean", but it's relatively cruft-free and it works pretty well. After various security incidents we also found it to be in our best interest to lock as many people as possible out of system areas and access points and let only our internal components do the actual reading and writing.
Since every insert, delete, drop, and change to the database is handled by the sytem's own admin user account, it would stand to reason that this acount would need full access to the database. My techno-tard sister understands this (as long as I put it into restaurant terms, thusly):
"The restaurant is being more careful with the booze. The customers can't pour their own drinks; they have to ask the waiters. The waiters have to go ask the bartender for the order. When the bartender runs out of some bottle -- say, Hendrick's Gin -- he has to go to the manager for a fresh bottle. The manager then has to go to the basement to get the bottle from the liquor cage. All clear?"So I think it's understandable that I was more or less gobsmacked by this beauty of a Service Ticket:
"Sure. So what's the problem?"
"The landlord won't give the manager the basement key."
"The database administrator refuses to execute the InitialUserSetup.sql and he wants to give to the two Admin users the permissions that he considers pertiment - I want to know the implications of this practice in the rest of the aplication."The my-head-shaped-dent in front of my keyboard received my forehead in much the same way as the Utah desert received the Genesis probe.
He then continued explaining that he had another problem, namely stuff like:
Thousands of lines like it following Every. Single. Operation.
[DataDirect][ODBC Oracle driver]String data, right truncated. Error in parameter 18.
Error inserting row 147433 into table $TABLE
So, in summary, the Database Administrator doesn't want to grant the system permission to access its own database, and the Application Dude doesn't understand why writes to the database are failing.
I need a Root Cause 34 for this SR. The pair of 'em.