On my project, we were asked to open our database to the customer. At first I knew it was bad, but I didn't have the arguments to answer. I finally came up with this mail.
They are currently asking customers what they really need to see. I see improvement :)
-----------------------
Hello @all,
In the backlog, we have this user story: As a user, I can request my data on a database copy.
I will need to know what the reasons for this request are. What information do users need?
In general, a request like this one comes from a lack of functionality in the application.
To rephrase, the question would be: What would these users need to have in the application to avoid having direct access to the database (replicated or not)?
If the answer is: "they already have access on their current application", it is not a good answer. :D
I have several problems with this:
- Security on the exposed data
- Performance risk (anyone can make risky SQL queries, even read-only ones)
- Data and performance control is no longer the responsibility of the IT department alone
- It requires training these users on our data model
- It requires support when they can't do what they want
- It requires changing the exposed data when the model evolves
- Risk of having to justify ourselves to the business on the data structure
- No guarantee that they use the extracted information correctly
- No tests on the exposed data
Topics that talk about the subject:
https://security.stackexchange.com/questions/175344/what-are-the-risks-of-allowing-business-users-direct-production-database-access
https://stackoverflow.com/questions/1559892/why-shouldnt-i-give-outsiders-access-to-my-database
Seen from below, it looks like a reporting / export / API exposure request that has evolved because we don't know what we want to do.
Has the IT department already authorized this type of request before? If so, it's amazing.
Thank you for your answers.
"If so, it's amazing."
Still got a way with words ^^