How do you handle it?
Given that DBAs will need access to the production DB, and given that human error will occur, how do you manage read and write access to a production database such that human error is minimized?
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.

And don't forget a composition book hanging from a string tied to the handles on the server, where each person making changes writes a log entry saying what they did.
What, do I sound like someone who's been through a SOX exercise?
--
Drew

In companies big enough to have both in quite different groups, I've found that the DBAs don't know much about the database layout and thus doing things on the DB's CLI is generally an exercise in "Do I Know What I'm Doing?" At the least, a DBA should have ready access to the Operations' restore system if he bolluxes something up. Yes, I've seen that done, too.
DB Programmers, OTOH, have more problems. I'm one of the latter. I make sure I modify my MySQL prompt to tell me what DB I'm on. I also have enough discipline to only use the actual Prod Master DB for changes; I have a separate connection to a slave for looking at the data, and a dev database all of my own for playing with the data.
Wade.
Q: Is it proper to eat cheeseburgers with your fingers? A: No, the fingers should be eaten separately.

Access control? Layers of security? What are those?
-Mike
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759 Historical Review of Pennsylvania

Advise all DBAs that the four-pound lump hammer on your desk will be an integral part of any problem post-mortem, as will a real post-mortem.
That, and careful definition up-front of what access is required, for what reason, and when. To the point of having them say "I want to run this T-SQL >shows script< against the production database".

such as the following product that I trip across. Good thing I know how to route around it.
http://www.imperva.c...ase-firewall.html

Humans are going to override anything and everything in the name of ease.
Many DBAs (and programmers) have a tendency to think they are immutable / invincible. You have to put up as many roadblocks as needed to keep them from becoming complacent. It's the same with programmers. Most (I said most) of them I know also assume many things that lead to a simple mistake taking huge amounts of time and effort to fix up. So, my final word of advice is: Make it a huge pain in the butt to get to the data. Only allow admin access from certain machines that are heavily locked down and they can't get all comfy and personalized.

Roll a snapshot of prod data to test boxen, let them play all they wish. Have them write a MOP (telco for a line by line command set) and have a mook run it on the test box, then let them do the same MOP in prod if it worked in test.

A real answer? You don't play right.
--
Drew

But when you have Multi-Billion Dollar brokerages breathing down your neck for a fix RIGHT NOW on something...
You have to account for that contingency. Limited access with painful non-customized for a person working conditions is known to heighten awareness and make the people pay attention as it's not familiar... and causes double checking that would not normally happen at *their* workstation.

But when you have Multi-Billion Dollar brokerages breathing down your neck for a fix RIGHT NOW on something...
That needs to involve management in the solution, not just technology. You know that, and I know you know that. :-)
Wade.
Q: Is it proper to eat cheeseburgers with your fingers? A: No, the fingers should be eaten separately.

Why I said stand alone machines that is for those emergency situations only.
It involves Management approval and CYA.

Q: Is it proper to eat cheeseburgers with your fingers? A: No, the fingers should be eaten separately.

This Machine For Dire Emergencies Only.
I think the single most compelling piece of evidence for global warming is that Fox News viewers think it's a hoax.

And all the data on our test boxen has been scrubbed of personally identifiable information.
Developers do not have write access to production data. Red Sox, White Sox, or SOX.

Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
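
The separation several posts in this thread describe (changes only against the production master, looking at data over a separate connection, admin access only from locked-down machines, no developer write access) can be enforced with grants instead of discipline. The following is an added example, not code from any poster; it assumes MySQL 8.0, and the schema name `appdb`, the account names, the placeholder passwords and the 192.0.2.x addresses are all constructed.

```sql
-- Constructed names: schema appdb, accounts dba_change / data_read,
-- admin host 192.0.2.10, office range 192.0.2.%.
-- Run as an administrative account on the production master.

-- 1. Change account: row-level DML only, and only from the locked-down
--    admin machine. No DROP, ALTER, TRUNCATE or GRANT OPTION.
CREATE USER 'dba_change'@'192.0.2.10'
  IDENTIFIED BY 'REPLACE_ME_placeholder'
  REQUIRE SSL;
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'dba_change'@'192.0.2.10';

-- 2. Looking-around account: SELECT only. People point this one at the
--    replica, but even if it connects to the master it cannot write.
CREATE USER 'data_read'@'192.0.2.%'
  IDENTIFIED BY 'REPLACE_ME_placeholder'
  REQUIRE SSL;
GRANT SELECT ON appdb.* TO 'data_read'@'192.0.2.%';

-- 3. Run this one on the replica, not the master: refuse client writes
--    there even from accounts that hold write or SUPER-level privileges.
SET PERSIST super_read_only = ON;

-- 4. Check what each account really holds.
SHOW GRANTS FOR 'dba_change'@'192.0.2.10';
SHOW GRANTS FOR 'data_read'@'192.0.2.%';

-- 5. Audit: any other account that can modify appdb, via a schema-level
--    grant or a global (*.*) grant. Expect only administrative accounts.
SELECT grantee, privilege_type, 'schema' AS scope
  FROM information_schema.schema_privileges
 WHERE table_schema = 'appdb'
   AND privilege_type IN ('INSERT', 'UPDATE', 'DELETE', 'DROP', 'ALTER')
   AND grantee <> "'dba_change'@'192.0.2.10'"
UNION ALL
SELECT grantee, privilege_type, 'global' AS scope
  FROM information_schema.user_privileges
 WHERE privilege_type IN ('INSERT', 'UPDATE', 'DELETE', 'DROP', 'ALTER');
```

The audit query in step 5 does not list table-level or column-level grants; those live in `information_schema.table_privileges` and `information_schema.column_privileges`.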