Keeping Customer From Accessing My Database? 567
cyteen02 writes "We run a data processing and tracking system for a customer in the UK. We provide a simple Web site where the customer can display the tracking data held in our Oracle database. From these screens they can query based on a combination of 15 different data fields, so it's pretty flexible. We also provide a csv report overnight of the previous day's data processing, which they can load into their own SQL Server database and produce whatever reports they want. Occasionally they also want one-off specific detailed reports, so we write the SQL for that and send them the results in an Excel format spreadsheet. This all ticks along happily. However they have now asked for direct read-only access to our Oracle database, to be able to run ad-hoc queries without consulting us. As a DBA, my heart sinks at the thought of amateurs pawing through my database. Unfortunately, 'because you are stupid' is not considered a valid business reason to reject their request. So can any Slashdotters assist me in building my case to restrict access? Have you experienced a similar situation? Have you had to support this sort of end user access? How would you advice me to keep my customer away from my precious tables?"
Re:Reporting Database (Score:3, Interesting)
Oracle Seat License (Score:3, Interesting)
No discounts.
You do not answer SQL questions.
Provide 2yr old data dictionary (just like MS does)
Re:Reporting Database (Score:4, Interesting)
Data Protection Act (Score:1, Interesting)
Play the performance card (Score:2, Interesting)
Tell your bosses that allowing your customers SQL access to your database could allow them to input inefficient queries that could grind your whole system to a halt. Then none of your customers will have access to the DB.
You could also say that if a security vulnerability is present in your DB vendor's product, it will be much more easily exploitable through direct SQL.
Pay more money! (Score:2, Interesting)
Re:You seem to be the problem (Score:3, Interesting)
Pre-process all data requests. (Score:3, Interesting)
Just say no (Score:5, Interesting)
I simply say that "Due to other client data being in the same database I am unable to allow you access. Since doing so would violate the privacy and security of their data, I sure that you would understand why I can't do that. I'm also sure how you would feel if the roles were reversed and how you would feel if another client asked for direct access and could see or read your data."
Usually this takes care of the problem. If not, tell them how much it will cost to set up a stand alone database that only contains their data and then give them some unreasonable amount. If they agree, then you just made your company a nice chunk of change. You then set up the database, and the scripts to replicate the data to back it up (when the client hoses themselves) and move on. When the call comes in that they hosed their database, you charge them for the time to restore from the back-up times a factor of two or three, and again, you've set yourself as the goldenchild for your company by making them money.
-Goran
Re:You seem to be the problem (Score:5, Interesting)
Re:Reporting Database (Score:5, Interesting)
Re:Why? (Score:5, Interesting)
I think he was asking us to help him flesh out his argument, ie give him some reasons to back up his intuition. Well intentioned or not, your response is like telling someone who's asking for directions that they are lost.
Re:Reporting Database (Score:5, Interesting)
Oracle Application & Reporting Server (Score:2, Interesting)
Oracle Application Server Overview: http://www.oracle.com/appserver/appserver_family.html [oracle.com]
Oracle Reports Server Overview: http://www.oracle.com/technology/products/reports/index.html [oracle.com]
-- Michael
Only one safe way to do it (Score:4, Interesting)
If money (in the form of ridiculously expensive oracle licenses) is a concern, then just create a daily backup and run the copy in mysql for the customer.
-Matt
Re:Been there, doing that and more... (Score:3, Interesting)
I've had customers like that as well. Honestly, since they're paying and it's their data I can see where they're coming from.
On the other hand, I usually have someone sign off on a MOU that they understand writing to their database outside of the application is inherently risky, and that they understand there will be additional charges for recovery work.
WHEN a customer mangles their data we get to test our recovery processes. So far, so good.
Also good to have multiple backups using multiple methods. I've had customers mangle multiple tables, so a full database restore with point in time recovery was best while other customers munged up one table, so a restore from export worked out better.
Re:Reporting Database (Score:1, Interesting)
Re:Just say no (Score:4, Interesting)
infinite interface (Score:2, Interesting)
This is actually my favorite reason for using stored procedures (yes, above performance and security). It's a clear interface definition. Don't break the procedures and you're fine. If there is ad hoc sql running against your database, your interface is basically infinite.
Re:A simple suggestion (Score:5, Interesting)
Further down this thread people start mentioning the silly query overloading the server issue. Now this is a real issue but it can be made to work either way you want. We had a similar request from a customer several years ago but we were not so opposed to giving them read only access if it could be done safely. We choose to set up a separate replicated server that they could query directly. If they wipe out the server with a silly query, who cares since it only effects them. The work involved in setting this up, its maintenance and hosting were all chargeable thereby making us more profit. This keeps them happy, the management team happy and me happy since my company operates a profit sharing scheme.
If you still are unable to see the benefit of giving them access then the best bet might be an intellectual property argument. Depending on whether you or they own the IP of the system you provide you may be able to argue that the database structure is a proprietary work and that exposing it would be against company policy in that regard.
Somewhere I used to work had a less than optimal database structure we all inherited from the previous developers who build the system. We knew how bad the design was but changing it was a huge job that we could not make the time to do as we were busy on paid work for other clients. We successfully avoided letting the customer see how awful the design was until the contract ended (it was a fixed term job that could not be extended) by making the IP argument.
Re:A simple suggestion (Score:2, Interesting)
Comment removed (Score:4, Interesting)
Re:A simple suggestion (Score:4, Interesting)
creating views limited to their data is a great, easy solution for limiting rows within the same table.
looking at it from a longer term perspective, if you think that this ability is something many of your customers would use, you can look in to what oracle calls Virtual Private Database (VPD). VPD allows you to set rules on tables that, on the server, adds a predicate to all SQL ran against that table. Essestially, it forces a WHERE clause of your choosing for all select, insert, update, delete statements.
if you tie that to a lookup table, say of logged on user's CompanyID#, any statement they send can only ever affect that subset of rows.
'delete * from orders' from Ted@Acme Inc (ComanyID#=5) would turn into: 'delete * from orders where companyid#=5'
fun stuff
Re:A simple suggestion (Score:3, Interesting)