I know all the reasons why this isn't a good idea, but everywhere I've worked, people do it to prevent ad-hoc requests from people who don't have access.
My feeling is that this is an "open secret" that most SMBs do it, but I'm keen to hear:
1. Whether you / your company does it
2. If you avoided it, how did you do that
by cebert on 1/22/25, 11:42 PM
We can’t do this in the industry I work in. We’re subject to regulatory compliance requirements like SOC 2, FedRAMP, and CJIS. If an auditor found that access to production databases wasn’t limited on a per-need basis and that access was audited, we’d face significant consequences.
by gregjor on 1/23/25, 12:32 AM
No direct access, but we have a custom report builder tool in the (internal) web app that lets users write SQL queries (SELECT only) against a read-only replica of the production database. They can name and save those, even put them in their navigation menu.
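Editor's added example, not part of the comment above and not the commenter's tool: a minimal sketch of the "SELECT only against a read-only replica" pattern with two independent controls, a read-only connection and a statement allow-list. SQLite stands in for the replica here, and the table, sample rows and function names are constructed for illustration.

```python
import os
import sqlite3
import tempfile

# Authorizer actions a report query may perform; anything else is denied.
ALLOWED = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def _authorizer(action, arg1, arg2, db_name, source):
    # Called while the statement is compiled, so a denied statement never runs.
    return sqlite3.SQLITE_OK if action in ALLOWED else sqlite3.SQLITE_DENY


def make_sample_db():
    """Constructed stand-in for the replica: one table, two rows."""
    path = os.path.join(tempfile.mkdtemp(), "replica.db")
    con = sqlite3.connect(path)
    con.executescript(
        "CREATE TABLE orders(id INTEGER PRIMARY KEY, customer TEXT, total REAL);"
        "INSERT INTO orders(customer, total) VALUES ('acme', 120.0), ('globex', 75.5);"
    )
    con.commit()
    con.close()
    return path


def run_report(path, sql, max_rows=1000):
    """Run one user-written query; raises if it is anything but a plain SELECT."""
    # Control 1: the connection itself is read-only (mode=ro).
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        # Control 2: allow-list of actions, so PRAGMA, ATTACH and writes fail.
        con.set_authorizer(_authorizer)
        cur = con.execute(sql)  # execute() refuses stacked statements
        return cur.fetchmany(max_rows)  # cap result size for ad-hoc queries
    finally:
        con.close()


def try_report(path, sql):
    """Return ('ok', rows) or ('denied', reason) instead of raising."""
    try:
        return ("ok", run_report(path, sql))
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return ("denied", str(exc))
```

On a server database the same two layers would be a role with only SELECT granted on the replica plus whatever statement filtering the tool applies, so a bypass of the filter still meets a connection that cannot write.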
by tianzhou on 1/24/25, 10:46 AM
Check out Bytebase which handles all human-to-db operations (schema change, ad-hoc change, ad-hoc query). Disclaimer: I am the co-founder.
by keyurishah on 1/22/25, 11:29 PM
We have opened up in read-only mode. New fancy name is "self serve analytics"