Does an Oracle professional have an ethical duty to refuse to do an activity that might be detrimental to their databases?  Does a DBA have a responsibility to disclose an unauthorized break-in, when management wants it kept a secret?

Noted Oracle professional Dr. Daniel Morgan (Ph.D., Stanford University) suggests that a DBA should refuse to do work that has no benefit (and be willing to be fired as a consequence) for violating the terms of their employment agreement:

"And my comment is that professional ethics hopefully have led you to refuse to do so.  Physicians take the Hippocratic Oath and I wish that doing so was a required part of becoming a DBA.

"To practice and prescribe to the best of my ability for the good of my patients, and to try to avoid harming them."

Unnecessary procedures, in medicine, are a violation of that oath."

This is a great question; Does an Oracle professional have an ethical responsibility to refuse to fulfill their employment contract when ordered to do something stupid? 

Does an Oracle DBA have a duty to the general public to reveal a data loss that management wishes to "hide"?  Many Oracle job openings say that ethical responsibility is a part of the DBA's job:

"[the DBA job requires] Professionalism, accountability and ethics in dealing with customers, co-workers and vendors/partners are required."

Let's take a closer look at the question of ethical responsibility of an Oracle professional.

Oracle Ethics and IT management

While an Oracle consultant is free to refuse to perform work that may not correct a problem (an unwarranted reorganization of a database), a full-time employee has a different relationship.  A full-time employee has agreed to perform whatever duties are mandated by their CIO and DBA managers, and there responsibilities extend only to "suggesting" that a brain-damaged course of action may not be appropriate.

In my 25 years as a full-time DBA, I cannot count the number of "inappropriate" activities.  Most of these "come down from on high" by top management, usually after attending a management briefing or vendor presentation.  Here are some that come to-mind:

• In the 1980's an IBM executive once suggested that my shop use PROFS as a vehicle for signaling messages with in a complex application!
   

• Back in Oracle7, I was required to perform a massive rebuild of a database every weekend. I demonstrated that the system workload did not benefit, but I was over-ruled by the Oracle7 documentation that recommended periodic rebuilds.  Further, the end-user community insisted that their response time immediately following the reorg was great, and degraded steadily during the week.  Even today, the Oracle 11g documentation still notes that reorganizations are an integral part of the DBA job duties:

"An index-organized table and secondary indexes can be reorganized online to eliminate the reorganization maintenance window. Secondary indexes support efficient use of block hints (physical guesses). Invalid physical guesses of logical rowids stored in secondary indexes on index-organized table can also be repaired online."

• In the early 2000's an old-timer CIO insisted that their custom application design be fully normalized (BCNF), not recognizing that 3NF design can impose a high overhead of "unnecessary" table joins which could be alleviated with the judicious introduction of redundancy.
   

• A CIO attends a Microsoft presentation and orders the IT staff to dump their Oracle platform to move to SQL Server, citing as a reason that "Microsoft has a single source for both OS and database support, no finger pointing between vendors".
   

• In 1999, a CEO is informed that a foreign consulting company has placed an Oracle rootkit on the production server that is e-mailing their corporate data to China.  He ordered that the whole incident be hidden and not disclosed to the stockholders.
   

• The VP of marketing insists on opening-up a web portal for their customers, with direct connectivity to the production database.  When challenged, he cites that Oracle security is "unbreakable".
   

• IT management decides to outsource their DBA operations overseas to save money. The shop experiences several unplanned outages as a result.
   

• A functional manager ordered that his application be moved to RAC because a vendor presentation suggests that it would be irresponsible not to do-so.
   

• A vice president is informed that a SQL injection attack has caused their entire shopping cart to be stolen.  Rather than disclose it publicly and loose customer goodwill, the VP hides the unauthorized disclosure, and orders the DBA to remain silent.
   

• A IT manager wastes over $100k on unnecessary Oracle monitoring software, and orders the DBA to endorse the purchase, else be fired.

So, where does an Oracle professional "draw the line"?  Does an Oracle professional have a "duty" to violate their employment contract when asked to perform an unnecessary, illegal or "dangerous" task?