Ask HN: How many of you open up your production DBs to internal users?

cebert · 2025-01-22T23:42:23 1737589343

We can’t do this in the industry I work in. We’re subject to regulatory compliance requirements like SOC2, FedRamp, and CJIS. If an auditor found that access to production databases wasn’t limited on a per-need basis and that access was audited, we’d face significant consequences.

lunarcave · 2025-01-23T00:57:24 1737593844

Fair. But my intuition is that people do it until they get restricted by compliance, after which they seem to invest in a proper setup.

gregjor · 2025-01-23T00:32:21 1737592341

No direct access, but we have a custom report builder tool in the (internal) web app that lets users write SQL queries (SELECT only) against a read-only replica of the production database. They can name and save those, even put them in their navigation menu.

lunarcave · 2025-01-23T00:55:44 1737593744

Thanks. And I assume that the web app allows them to do parameterization of ids etc?

gregjor · 2025-01-23T01:27:04 1737595624

Users can put placeholders in the query (e.g. :student_id, :year) and then get prompted for those when they run the query. Results page supports filtering and sorting, and saving to CSV/Excel.

This wasn't intended as an end-user tool because few users know SQL or the database schema -- a few do. I wrote it because we get a lot of one-off or once-a-quarter requests for reports and CSV for Excel.

tianzhou · 2025-01-24T10:46:07 1737715567

Check out Bytebase which handles all human-to-db operations (schema change, ad-hoc change, ad-hoc query). Disclaimer: I am the co-founder.

keyurishah · 2025-01-22T23:29:50 1737588590

we have opened up in read only mode. new fancy name is "self serve analytics"

lunarcave · 2025-01-23T00:58:31 1737593911

Interesting. How do the users connect to it? Do they tunnel into it or is there an application that acts as the proxy?