• xmunk@sh.itjust.works
    link
    fedilink
    arrow-up
    67
    ·
    1 year ago

    For everyone’s sanity, please restrict access to the prod DB to like two people. No company wants that to happen to them, and no developer wants to do that.

      • breadsmasher@lemmy.world
        link
        fedilink
        English
        arrow-up
        34
        ·
        1 year ago

        Datagrip has an option, and likely other database IDEs do as well - “Connect as READONLY”. Makes me feel a little safer

          • finestnothing@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            1 year ago

            I don’t use readonly with dbeaver, but I do have the prod servers set to automatically make transactions and have to hit a button to commit. Almost certain it asks confirmation that I want to make the changes to prod which is nice too (I rarely have to touch our sql server prod)

    • lobut@lemmy.ca
      link
      fedilink
      arrow-up
      26
      ·
      1 year ago

      Just a funny story. All of our devs and even BAs used to have prod access. We all knew this was a bad idea and put in a process of hiring a DBA.

      I think in the first two weeks the DBA screwed up prod twice. I can’t remember the first mess up but the second he had a lock on the database and then went to lunch.

      We eventually hired two awesome DBAs to replace that one but oh boy.

      • Lionel@endlesstalk.org
        link
        fedilink
        arrow-up
        14
        ·
        1 year ago

        Imagine being hired to help prevent people from fucking something up, only to fuck that thing up in your first week—not once, but twice. You’d think after the first time it wouldn’t happen again…

    • rwhitisissle@lemmy.ml
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I would say you can expand that on the following criteria: 1) a lot of people can have read access, but only a few should have write access, and read access should be restricted to specific tables without PII. 2) The people with write access should go through a Change Approval process: they submit the SQL they’re going to run and someone else approves or denies it before it can be done. 3) Every piece of SQL that modifies a table should be annotated with a comment and the ticket number in it in which that change was approved. 4) You should be able to rollback any committed change within an hour of it happening.