Enhancing and Reinforcing Security
Database security is more than just the ability to detect and prevent unauthorized access to data contained within the database. Of course, a complete and accurate audit trail of changes is also important, but maintaining this level of documentation, particularly with absolute accuracy, can be time-consuming and inhibit workflows in some circumstances.
But there’s another factor of equal importance: the ability to prevent unauthorized changes to both the database structure and the data it contains. This includes unauthorized changes by users without the proper authorization and credentials to access the database. DBmaestro DevOps Platform offers database permissions management, prevents unauthorized changes to your database and produces a comprehensive audit and compliance reports that tells you:
- Who made changes to the database
- What specific changes were made
- When changes took place
- Why these changes were made
Using roles, responsibilities, and permissions, DBmaestro DevOps Platform prevents unauthorized persons from making changes to your databases (for example: SQL Server, Oracle).
Unenforced Authorization Policies Can Easily Lead to Catastrophe
Many organizations have rules outlining who is authorized to change various database objects and table structures, but they lack the tools necessary to adequately enforce these policies. For practicality, developers and DBAs often work from the same database user account – the owner of all database objects. But what’s more, they may use the same database login account and password in all environments, including Development, Integration, QA, Pre-production, UAT (User Acceptance Tests), and, in some cases, even in Production.
This system, set up for convenience, can easily backfire with adverse effects by enabling any QA user and DBA to change any database object, at any time, and in any environment. The consequences of this can be not only time-consuming to rectify, but extraordinarily expensive should unauthorized changes override legitimate changes in production, causing the application to crash.
DBmaestro DevOps Platform’s Sophisticated-Yet-Simple Security Mechanism Solves Major Challenges
DBmaestro DevOps Platform’s enhanced security mechanism controls changes to database objects at both the Windows account level and domain group level, allowing you to easily define a database change policy that prevents undocumented database changes, controls who can do what, and records what they did, when they did it, and why they did it.
This is achieved through the granting of different access levels in different environments for each user, giving the administrator full control with the ability to grant very granular access settings. Users, based on their role and responsibilities, can be granted permission to change only certain parts of each database or schema, regardless of what login credentials they were using to connect to that database. In DBmaestro DevOps Platform, no objects can be changed without first being Checked-Out, and the system will not allow any user without appropriate access permissions to check out an object – in effect, completely eliminating the possibility of unauthorized changes to any database object.