How To Protect Data In Mysql From Peskey Users ?

[vincej]

HI - I work in a small company where I am solely responsible for all IT developments / infrastructure. My s/w is pretty solid, however I am a couple of "educated users" who insist on going into the database with their own downloaded reporting tools and pulling data out of MySql. Then of course something breaks and I have to clean up their mess. Politics prevents me from shutting them out of the systems entirely however, in the name of "security" I could do something to either prevent a connection, or obfuscate the data or something ... but I don't know what woudl be the best technical approach. Dealing with it through meetings and conversation etc has not had any effect.

 

I need a technical solution.

 

Many thanks for your suggestions !

[Jessica]

If they're only allowed to SELECT, they can't mess up anything.

 

Give them a user account which does not have any UPDATE or DELETE privileges.

[PFMaBiSmAd]

Why do users in the office even know the database username/password?

[ManiacDan]

Like Jesi said, give them accounts with only SELECT access, then they can't do anything but lock the tables.

[The Little Guy]

Build a php page that gives them only the functionality that they need.

[ManiacDan]

Build a php page that gives them only the functionality that they need.

If they're typing raw queries, this will still allow them to break things.

[The Little Guy]

If they're typing raw queries, this will still allow them to break things.

 

If they do the same queries all the time you could run it for them, and then do less clean up afterwards.

[ManiacDan]

 

 

If they do the same queries all the time you could run it for them, and then do less clean up afterwards.

But he says that he can't do that:

 

Politics prevents me from shutting them out of the systems entirely however

[KevinM1]

Like Jessica said, change the root password and give them user accounts with limited privileges.

 

Also, if you're solely responsible for your company's IT, then you're the one with power/leverage. Have a cordial, but firm, talk with your boss, and explain that the monkeys are making it harder for you to do your job. Their unfettered access forces you to waste time (which is money) cleaning up after them, and presents a danger to the data itself.

[ManiacDan]

Time and money is what you should focus on. Don't use words like "annoying" or "trouble," tell him that you did the math, and it costs the company $400/mo to give these people access to the data.

[spiderwell]

yup i managed to get our dev environment changed by explaining it in a way that showed it was losing money with the current set up.

[derwert]

vincej if you really can't remove their access to the server which would be my prefered solution then one option would be to give them access to a low end server that has the data duplicated over to it on a scheduled basis, let them run wild on that instead of the primary server. I don't like the idea of giving them even just the ability to run selects on the primary server, one wrong query and the cpu can spike and halt everything.