Ethics for the Oracle professional
Oracle Database Tips by Donald Burleson, November 3, 2015
Does an Oracle professional have an ethical duty to refuse
to do an activity that might be detrimental to their databases? Does a DBA
have a responsibility to disclose an unauthorized break-in, when management
wants it kept a secret?
Noted Oracle professional Dr. Daniel Morgan (Ph.D.,
Stanford University)
suggests that a DBA should refuse to do work that has no benefit (and be
willing to be fired as a consequence) for violating the terms of their
employment agreement:
"And my comment is that professional ethics hopefully
have led you to refuse to do so. Physicians take the Hippocratic Oath
and I wish that doing so was a required part of becoming a DBA.
"To practice and prescribe to the best of my ability for the good of my
patients, and to try to avoid harming them."
Unnecessary procedures, in medicine, are a violation of that oath."
This is a great question: does an Oracle professional have
an ethical responsibility to refuse to fulfill their employment contract when
ordered to do something stupid?
Does an Oracle DBA have a duty to the general public to
reveal a data loss that management wishes to "hide"? Many Oracle job
openings say that ethical responsibility is a part of the DBA's job:
"[the DBA job requires] Professionalism, accountability
and ethics in dealing with customers, co-workers and vendors/partners are
required."
Let's take a closer look at the question of ethical
responsibility of an Oracle professional.
Oracle Ethics and IT management
While an Oracle consultant is free to refuse to perform
work that may not correct a problem (an unwarranted reorganization of a
database), a full-time employee has a different relationship. A full-time
employee has agreed to perform whatever duties are mandated by their CIO and DBA
managers, and their responsibilities extend only to "suggesting" that a
brain-damaged course of action may not be appropriate.
In my 25 years as a full-time DBA, I cannot count the
number of "inappropriate" activities. Most of these "come down from on
high" by top management, usually after attending a management briefing or vendor
presentation. Here are some that come to mind:
- In the 1980s an IBM executive once suggested that my
  shop use PROFS as a vehicle for signaling messages within a complex
  application!
- Back in Oracle7, I was required to perform a massive
  rebuild of a database every weekend. I demonstrated that the system workload
  did not benefit, but I was overruled by the Oracle7 documentation that
  recommended periodic rebuilds. Further, the end-user community
  insisted that their response time immediately following the reorg was great,
  and degraded steadily during the week. Even today, the
  Oracle 11g documentation still notes that reorganizations are an
  integral part of the DBA job duties:
  "An index-organized table and secondary indexes can be
  reorganized online to eliminate the reorganization maintenance window.
  Secondary indexes support efficient use of block hints (physical guesses).
  Invalid physical guesses of logical rowids stored in secondary indexes on
  index-organized table can also be repaired online."
- In the early 2000s an old-timer CIO insisted that
  their custom application design be fully normalized (BCNF), not recognizing
  that 3NF design can impose a high overhead of "unnecessary" table joins
  which could be alleviated with the judicious introduction of redundancy.
- A CIO attends a Microsoft presentation and orders the
  IT staff to dump their Oracle platform to move to SQL Server, citing as a
  reason that "Microsoft has a single source for both OS and database support,
  no finger pointing between vendors".
- In 1999, a CEO is informed that a foreign consulting
  company has placed an Oracle rootkit
  on the production server that is e-mailing their corporate data to China.
  He ordered that the whole incident be hidden and not disclosed to the
  stockholders.
- The VP of marketing insists on opening up a web portal
  for their customers, with direct connectivity to the production database.
  When challenged, he cites that Oracle security is "unbreakable".
- IT management decides to outsource their DBA operations
  overseas to save money. The shop experiences several unplanned outages as a
  result.
- A functional manager ordered that his application be
  moved to RAC because a vendor presentation suggests that it would be
  irresponsible not to do so.
- A vice president is informed that a SQL injection
  attack has caused their entire shopping cart to be stolen. Rather than
  disclose it publicly and lose customer goodwill, the VP hides the
  unauthorized disclosure, and orders the DBA to remain silent.
- An IT manager wastes over $100k on unnecessary Oracle
  monitoring software, and orders the DBA to endorse the purchase, else be
  fired.
So, where does an Oracle professional "draw the line"?
Does an Oracle professional have a "duty" to violate their employment contract
when asked to perform an unnecessary, illegal or "dangerous" task?