The answer is No

There are times in a DBA’s life when the answer is No.  And for once I’m not talking about a DBA asking a girl out.  This time I’m talking about requests we get from our users.  I had such a request today.

A manager of another group came up and asked for a generic account that he could use to connect to the DB from an application.  The answer is No.  Sorry dude, but we don’t give out generic accounts unless it’s absolutely necessary.  And of course, then the insistence sets in that he has to have the generic account because it’s an application.  I said no, the app itself is running under an acct, and I’ll be happy to give that acct the perms.  He said, well it’s not that easy, this is a web app.  And I said well, that changes things significantly, and you’re right it’s not that easy.  He said see, I told you.  I said, it’s even easier.

You see, with a web app you can set the app pool to run under any acct you like, so connecting to a DB under certain credentials is wicked easy.  And it really is.  He said well, we also need to be able to connect using SSMS to be able to run a couple SPs manually.  So we were hoping to be able to use that acct for that as well.  Again, No.  Give me the accts you want to have these perms and I’ll make it happen. 

Now that’s the end of the conversation, but here’s a word for you guys reading this.  There are several ways to make this happen depending on how you lay out the group (either in AD or SQL).  The point I’m trying to make here is that sometimes you have to make sure you service your customers in a way that’s best for the company.  They quite often ask for something specific that you can’t give them, but you can give them the equivalent.  Often times users ask for things a certain way because that’s all they know.  They get too caught up in solving a problem so they try to solve the problem the only way they know how… and in this case it was asking for a generic account.  But this is where we as DBAs need to step up and have the courage to guide them.  They may get upset, they may even insist that it be done their way, but they’re not DBAs, and their ass isn’t on the line.  It’s our job to make sure that it gets done right.

Now, just for completion here’s a video I did quite some time ago that shows you how to run a website under a specific account.  It’s in IIS 6, but it’ll show you how it’s done, and you should be able to transfer that skill to IIS 7 if you have to.  And if the app has a Windows service it’s even easier… just run the service under the account you like and you’re golden.
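One way to lay this out on the SQL Server side, as an added example that is not from the original post: the app pool's Windows account and an AD group of named people each get their own database role, so nobody shares a generic login. Every name in it (the CONTOSO domain, svc_webapp, WebApp_Operators, AppDb, the app schema and both procedures) is an assumption made up for illustration.

```sql
-- Added example. All object and account names below are hypothetical.
-- CONTOSO\svc_webapp       = the account set as the IIS app pool identity
-- CONTOSO\WebApp_Operators = AD group of the people who run procs from SSMS
-- The web app connects with Integrated Security=SSPI, so no password
-- lives in a config file and there is nothing to pass around.

USE [master];
GO
CREATE LOGIN [CONTOSO\svc_webapp] FROM WINDOWS;
CREATE LOGIN [CONTOSO\WebApp_Operators] FROM WINDOWS;
GO

USE [AppDb];
GO
CREATE USER [CONTOSO\svc_webapp] FOR LOGIN [CONTOSO\svc_webapp];
CREATE USER [CONTOSO\WebApp_Operators] FOR LOGIN [CONTOSO\WebApp_Operators];
GO

-- Permissions hang off roles, not accounts, so swapping the service
-- account or changing AD group membership needs no re-granting.
CREATE ROLE app_executor;   -- what the application itself needs
CREATE ROLE app_operator;   -- the couple of procs run by hand
GO
GRANT EXECUTE ON SCHEMA::app TO app_executor;
GRANT EXECUTE ON OBJECT::app.usp_ReprocessQueue TO app_operator;
GRANT EXECUTE ON OBJECT::app.usp_RebuildSummary TO app_operator;
GO

-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later;
-- on older versions use sp_addrolemember instead.
ALTER ROLE app_executor ADD MEMBER [CONTOSO\svc_webapp];
ALTER ROLE app_operator ADD MEMBER [CONTOSO\WebApp_Operators];
GO

-- Verify who ended up in which role.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'app_executor', N'app_operator');
```

People who connect through the AD group still show up under their own Windows name in `SUSER_SNAME()` and in login auditing, which is the accountability a shared generic account throws away.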

4 thoughts on “The answer is No”

  1. “Often times users ask for things a certain way because that’s all they know. They get too caught up in solving a problem so they try to solve the problem the only way they know how… ”

    …or because they’re in love with a certain way of doing things. See, I’m currently expanding “users” to include “other folks in the IT group,” because I have this exact same conversation every few days with someone or other.

    “But this is where we as DBAs need to step up and have the courage to guide them. They may get upset, they may even insist that it be done their way, but they’re not DBAs, and their ass isn’t on the line. It’s our job to make sure that it gets done right.”

    **CHEER**

  2. My old boss used to tell us we had to find a way to say yes. I would counter that saying yes and doing what’s right are often two different things. Saying yes is easy. Doing what’s right is hard.

  3. Speaking for the unwashed masses, I would *love it* if my DBAs would ask why I was trying to do something and then tell me how I *should* be doing it, saving me time, effort, and giving me the benefit of their experience.
