I know all the reasons why this isn't a good idea, but everywhere I've worked, people do it to prevent ad-hoc requests from people who don't have access.

My feeling is that this is an "open secret" that most SMBs do it, but I'm keen to hear:

1. Whether you / your company does it
2. If you avoided it, how did you do that
We can’t do this in the industry I work in. We’re subject to regulatory compliance requirements like SOC 2, FedRAMP, and CJIS. If an auditor found that access to production databases wasn’t limited on a per-need basis and that access was audited, we’d face significant consequences.
No direct access, but we have a custom report builder tool in the (internal) web app that lets users write SQL queries (SELECT only) against a read-only replica of the production database. They can name and save those, even put them in their navigation menu.
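
The setup described in the reply above, sketched as an added example (not the commenter's tool or code): SQLite stands in for the read-only replica, and the function names, sample table and row cap are assumptions. It enforces SELECT-only at two layers, a read-only connection plus a statement authorizer, rather than by checking how the query text begins.

```python
import os
import sqlite3
import tempfile

# Authorizer actions a saved report needs: run a SELECT, read columns, call functions.
ALLOWED_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}
MAX_ROWS = 1000  # hypothetical cap so one report cannot pull a whole table


def build_sample_replica():
    """Create a constructed stand-in for the read-only replica; return its path."""
    path = os.path.join(tempfile.mkdtemp(), "replica.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers (name) VALUES (?)", [("Ada",), ("Grace",)])
    conn.commit()
    conn.close()
    return path


def _authorize(action, arg1, arg2, db_name, source):
    # Called by SQLite while compiling each statement, so the decision is made
    # on what the statement does, not on how its text begins.
    return sqlite3.SQLITE_OK if action in ALLOWED_ACTIONS else sqlite3.SQLITE_DENY


def open_report_connection(path):
    """Layer 1: open the file read-only. Layer 2: deny every non-read action."""
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    conn.set_authorizer(_authorize)
    return conn


def run_report(conn, sql):
    """Return (True, rows) for an allowed query, (False, reason) otherwise."""
    try:
        return True, conn.execute(sql).fetchmany(MAX_ROWS)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # Denied actions, writes, and multi-statement input all land here.
        return False, str(exc)
```

On a server database the same two layers would be a role granted only SELECT and a connection pointed at the replica; logging each saved query with its author adds the audit trail the earlier reply mentions.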