In most organizations where I worked or had to deal with in my work, all of the administrators and programmers had full access to the databases, and any IT employee was a god on the network and could do anything. Why does this happen? There are two reasons for this:
1. Working in the same department or division, employees see each other every day for 8 hours and make friends. So how do you not give your friend full access? Friendship is friendship, and work is work.
2. Allocating some access rights and changing some configuration may require certain privileges. Administrators are sometimes lazy or just think that programmers will do a better job, so they give programmers excessive permissions. Programmers should never be involved in administration and should never have rights to do so.
In my experience, the second problem is very common, so we will examine it in more detail. When developing database programs, programmers know a superuser's password or just have database administrator rights. This is redundant and absolutely unsafe. Only the database administrator and nobody else should have full rights. Even the head of department, director and best friends can do with less privileges. For example, for software development, it is sufficient to have the rights of the schema owner in the Oracle database, where the worksheets are located. This is enough to create new tables, packages, indexes, and any other objects, as well as to share access rights to schema objects with other users. The system rights are absolutely not needed for the full work. If you do not have a database administrator on your staff, it is very bad. It is better when a single employee is responsible for the database, its performance, optimization and security. As a last database performance
resort, it is necessary to allocate one programmer who will be responsible, and only he will have https://www.sqlsplus.com
Judging by statistics, data losses most often come from within the company, i.e. its employees. Strangely enough, most continue to ignore this threat, and various databases continue to appear on disks in free access even in the subway.