I'll pass that on to our system/network administrators. :)
Actually, I'm in the uncomfortable position of having to trust my SA's
and NA's on this. We tried to order our own copy of the Resource Kit
and were denied since it was felt that DB Product Support had no need
for OS resource tools. So I have to go by what they tell me.
> Not true. You have to be granted a single Administrative right. No
> big deal.
Which one? "Login as a Service" doesn't do it. If you can tell me
which specific one, I'll run it up my SA/NA's nose until they let me try
> Oh well, then give up.
Not an option. At least, not the way you're implying.
> Look, if you just like UNIX, use UNIX. But if you want to give NT a
> chance, give NT a chance. ...
Hmmm ... let's see ... In production alone, I've got about 30 Unix
boxes running Sybase (compared to only about 24 UNIX boxes running
DB2/6000) and around 50 Intel boxes running NT and either MS or Sybase
DBMS's. And that's not even counting the two-hundred-plus PDC, BDC,
print, application and file servers running on NT boxes. I'd say NT's
been given a chance. The catch is ... 90% of those NT DB boxes are
running MS SQL Server, *not* Sybase. I'm trying to convince management
to switch from MS to Sybase.
> ... For instance, although every NT shop I've ever developed in had
> an administer who assigned rights and had "root" level rights
> himself, development teams were given the right to log onto the
> server locally, start and stop services,
> Rethink whether you want NT or are being forced to use it. Rethink
> whether your UNIX administrators should control the NT development
> servers if they don't know how to configure the security database.
This isn't a problem on testing and development boxes. The problem is
on production boxes. :( And, as I showed above, we've got a fair number
of them. And they're quite distributed, geographicly speaking.
The UNIX SA's have nothing to do with setting security policy ...
There's a IT team that reviews, determines and decrees security policies
for the whole corporation (35K+ employees nationwide). These policies
apply all the way from the largest MVS mainframe down to the smallest
(and oldest) i486/33 server. These policies strictly limit who has
access to System and Network Admin IDs and/or authorities.
> ... By the way, MS SQL Server has the same restrictions on starting
> and stopping services as SQL Anywhere or any other product which
> runs as an NT service.
Actually, about a year-and-a-half ago, MS has provided us with a small
utility that allows a non-SA/NA to start SQL Server related services
without requiring the user to have SA on the box. So this really isn't
an issue under MS SQL Server.
Please don't get me wrong, Dave. I'm not flaming Sybase for this. I
posted here hoping that other companies have solved this without
violating the rules I have to abide by. Sybase TS is so vastly superior
to MS's that I *REALLY* want to convert all our MS licenses to Sybase.
But I have to be able to give the Production DBA's the ability to
remotely support those production boxes too. :(
Patrick R. Sklenar
Distributed DB Product Support