How to avoid access to the database?


1

In a perfect world, no user (company employee) would have access to the production database, and this is my goal; I just do not know what the steps are to get to this point.

Today the devs have a "copy" of the production database. This is a problem today, but in addition to the devs, the OPS team needs the production data to generate metrics on the vendors.

I’ve thought about maybe creating an interface between the database and the people who access this information, but I don’t know if this is a viable solution or whether there are other methods or tools to do this.

What practices are used to protect database data while still letting several sectors read the data to generate their own metrics?

  • 3

    It depends on what you want. This question lacks details, context.

  • I’ll complement @Maniero

  • 1

    @Kaduamaral if the focus is security, maybe you can start from here, but there are other tools too.

  • Excellent, I will study this, it seems to fit perfectly in my architecture. Could you give an example of the other tools? I don’t know any.

1 answer

3


What are the best ways to protect the database data when several people have access to the database, but not all of them should be able to see all the data (specific tables or fields)?

In a perfect world, the production database should not be accessed directly, only by the application. Developers must have a replica of the database, with data that does not necessarily need to reflect production.

Since not everything is perfect, the easiest way to control what happens in a database is to create separate users for each person, each with their specific permissions.

And even the people who have access to everything can lose it at some point.

For direct access to the database, I recommend that users preferably have only read permissions.

Update

I’ve thought about maybe creating an interface between the database and the people who access this information, but I don’t know if this is a viable solution or whether there are other methods or tools to do this. (that is the reason for the question)

This is the way, maybe not an interface, but a Data Warehouse service, where the data would already be consolidated and the Ops team would not need direct access to the database.

The problem with copies is that if a dev is let go, the copy contains sensitive data that they may have backed up to some personal account, which could end up putting the company in a difficult position.

In this case specifically you should be using Seeds with data not coming from the production database. And to take advantage of the package, use some form of Migration.

  • Hello Marlon, welcome to the community. I updated the question; if you can, please supplement your reply. Thank you.

  • Thank you @Kaduamaral. Can you tell me what kind of problems you’re facing with copies of the databases for devs? That way it gets a little easier for me to complement the answer.

  • The problem with copies is that if a dev is let go, the copy contains sensitive data that they may have backed up to some personal account, which could end up putting the company in a difficult position.

  • @Kaduamaral, I complemented the answer; see if it answers your questions.

  • Marlon, I’ve been looking into Data Warehouse, and it seems to be what I need. About Migration, we already have it, and I will try to implement a fake data solution for development databases. Thanks!
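The per-person, read-only access described in the answer, sketched as an added example (not code from the answer or its author). It assumes PostgreSQL, which the thread does not name, and every schema, table, column and role name is hypothetical.

```sql
-- Assumed DBMS: PostgreSQL. All names below are hypothetical.

-- Constructed sample table standing in for production data.
CREATE SCHEMA app;
CREATE TABLE app.vendor_sales (
    id          bigserial     PRIMARY KEY,
    vendor_id   integer       NOT NULL,
    vendor_name text          NOT NULL,
    tax_id      text          NOT NULL,   -- sensitive field
    amount      numeric(12,2) NOT NULL,
    sold_at     timestamptz   NOT NULL DEFAULT now()
);

-- Group role: holds the permissions, cannot log in by itself.
CREATE ROLE metrics_readonly NOLOGIN;
GRANT USAGE ON SCHEMA app TO metrics_readonly;

-- Field-level restriction: SELECT only on the non-sensitive columns.
-- A query that touches tax_id (including SELECT *) is rejected.
GRANT SELECT (vendor_id, vendor_name, amount, sold_at)
    ON app.vendor_sales TO metrics_readonly;

-- Consolidated data for the Ops metrics: the view runs with its owner's
-- privileges, so readers get aggregates without touching the base rows.
CREATE VIEW app.vendor_monthly_totals AS
SELECT vendor_id,
       date_trunc('month', sold_at) AS month,
       sum(amount)                  AS total_amount,
       count(*)                     AS sales_count
FROM app.vendor_sales
GROUP BY vendor_id, date_trunc('month', sold_at);
GRANT SELECT ON app.vendor_monthly_totals TO metrics_readonly;

-- One login role per person, so access is attributable and revocable.
-- The credential is set out of band, not stored in this script.
CREATE ROLE ops_alice LOGIN IN ROLE metrics_readonly;

-- Extra guard only: the user can change this setting in a session, so
-- the real boundary is that no INSERT/UPDATE/DELETE was ever granted.
ALTER ROLE ops_alice SET default_transaction_read_only = on;

-- Offboarding: block new logins, then drop the membership.
ALTER ROLE ops_alice NOLOGIN;
REVOKE metrics_readonly FROM ops_alice;
```

Granting to the group role and adding people as members keeps the permission set in one place, so removing one person never requires touching table grants.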
