June 3, 2005 at 2:13 am
I've recently started a new job and it turns out that they let users query tables directly in the various databases for analysis work etc. Now this tends to make me a little nervous and i'm thinking its probably better if they queried views rather than the base tables themselves. What are other peoples views on this?
Growing old is mandatory, growing up is optional
June 3, 2005 at 5:54 am
Makes me nervous here (inherited from on old system, I would definitly not design a system like that). I talked about that to my boss and we decided to cut most of the guys out from accessing the tables directly. I had to modify the application so that they didn't need to query the tables directly thereafter. Now only my boss and another employee can access the tables (they both followed a programming course of a few 100 hours so it makes me less nervous).
June 5, 2005 at 7:15 am
While you're waiting to find the best solution, hopefully these users have only "select" permission on these tables - or better yet - a database role with specific permissions that these users are a member of ?!
**ASCII stupid question, get a stupid ANSI !!!**
June 6, 2005 at 1:06 am
If that was the case then i'd be a little happier! Time for a review of the security and peoples needs i think. They've not had a DBA here before and things have grown a little 'organically'!!
Growing old is mandatory, growing up is optional
June 6, 2005 at 6:04 am
Time to whip 'em into shape then! Show them who's GOD! <;-)
**ASCII stupid question, get a stupid ANSI !!!**
June 6, 2005 at 8:24 am
Sounds good to me .
June 6, 2005 at 8:34 am
I am assuming that these are your production OLTP databases.
The problem with having any "ad-hoc" access to these databases is that they may interfere with the performance and stability of the production users.
Don't think that restricting their secuirty and using only views will prevent them from interfering with the production users.
Rick
June 6, 2005 at 8:59 am
They are indeed our production databases. I'm going to come up with a different solution for anyone who needs to access live or semi live data on an ad-hoc basis. I've just run one of the scripts from here to see which users belong to which roles, it looks like every login has sysadmin !! At least i have the full backing of the big boss here to start kicking some butt!
Growing old is mandatory, growing up is optional
June 6, 2005 at 9:13 am
The "users" are always a complaining, unhappy bunch of people at the best of times...would hate to be in your shoes after you've cuffed and gagged them...
So it's good that you have the "full backing of the big boss" - can always stand behind him/her when it's turn to cower and hide!!! <;-)
**ASCII stupid question, get a stupid ANSI !!!**
June 7, 2005 at 1:35 am
I think i'll have to ask for a lockable office rather than my cubicle. Do they do DBA relocation programmes where they change your identity? Thats the first server i've looked at, i can't bring myself to look at the others. Thanks for the replies, i'll let you know if i survive
Growing old is mandatory, growing up is optional
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply