this post was submitted on 06 Nov 2023
1315 points (98.7% liked)

Programmer Humor

32479 readers
234 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] xmunk@sh.itjust.works 67 points 1 year ago (3 children)

For everyone's sanity, please restrict access to the prod DB to like two people. No company wants that to happen to them, and no developer wants to do that.

[–] HugeCounterargument@lemm.ee 69 points 1 year ago (1 children)

Me applying for any database access ever: “read only. I do not want write. READ ONLY.”

[–] breadsmasher@lemmy.world 33 points 1 year ago (1 children)

Datagrip has an option, and likely other database IDEs do as well - “Connect as READONLY”. Makes me feel a little safer

[–] lobut@lemmy.ca 26 points 1 year ago (1 children)

Just a funny story. All of our devs and even BAs used to have prod access. We all knew this was a bad idea and put in a process of hiring a DBA.

I think in the first two weeks the DBA screwed up prod twice. I can't remember the first mess up but the second he had a lock on the database and then went to lunch.

We eventually hired two awesome DBAs to replace that one but oh boy.

[–] Lionel@endlesstalk.org 14 points 1 year ago

Imagine being hired to help prevent people from fucking something up, only to fuck that thing up in your first week—not once, but twice. You’d think after the first time it wouldn’t happen again…

[–] rwhitisissle@lemmy.ml 4 points 1 year ago

I would say you can expand that on the following criteria: 1) a lot of people can have read access, but only a few should have write access, and read access should be restricted to specific tables without PII. 2) The people with write access should go through a Change Approval process: they submit the SQL they're going to run and someone else approves or denies it before it can be done. 3) Every piece of SQL that modifies a table should be annotated with a comment and the ticket number in it in which that change was approved. 4) You should be able to rollback any committed change within an hour of it happening.