How DBAs Can Keep Access To Production

DBAs really need to have access to production environments, Yaniv Yehuda explains one way of doing this.

Yaniv Yehuda

Apr. 12, 16 · Database Zone · Opinion

Like (1)

Save

3.71K Views

With the growing popularity of Agile, CI, CD, and DevOps, there must be control within all environments in order for them to succeed. If someone compiles an executable binary in his local environment and copies it to any other environment, the next build and deploy will override his change and all the work he has done will be gone. Today, I hope that no developer would think to copy an executable binary compiled locally to the integration, QA, or production environments.

So, how do we help a DBA keep their access to production?

The new process requires the ability to enforce a separation between the DBA who develops the change, and the DBA who actually executes it. In order to ensure such separation, the following must occur:

All database changes must be documented, with an enforced system that prevents any change if it isn’t documented (check-out/check-in on the database objects)

Another security mechanism on top of Oracle/MS-SQL that integrates with the company Active Directory, and can control who performs check-out/check-in

A system to generate the database deployment script from the source control repository. This system should utilize the baseline aware analysis to raise any red-flags and aid in conflicts merging

To learn more about the right way to implement source control in the database, read our white paper, "The Definitive Guide to Database Version Control".

Topics:

database, source control, continuous integration, dba

Published at DZone with permission of Yaniv Yehuda, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Comments

How DBAs Can Keep Access To Production

DBAs really need to have access to production environments, Yaniv Yehuda explains one way of doing this.

Database Partner Resources