April 24, 2007 at 6:10 am
Hi,
We're just starting to roll out Sql 2005 & we are coming under alot of pressure from our development dept to install the Sql 2005 Management Studio onto developers pc's. This causes us issues in several areas ( security, administration, unauthorised mods etc etc etc ) all of which we don't have quick solutions to ( like most companies, change takes time ! ), so I just wanted to know what other people have put in place to get tackle this kind of situation ?
I would be happy for any advice, but please bear in mind that the issues ( security etc ) are not things we can change quickly, so other approaches are needed !.
Thanks in advance for any replies.
jim
April 24, 2007 at 10:14 am
I currently work for a software services giant and the quick answer is every developer runs the developer edition locally with local copies of the database. The applications main RDBMS is Oracle 9i and 10g there we use Oracle clients and can connect to the developer edition of the database and make changes because it is not the real database. There is a very strict procedure in place before code can be checked in and the developers don't implement their code. Hope this helps.
Kind regards,
Gift Peddie
April 24, 2007 at 10:16 am
First, it depends on what your developers develop. If they are doing just front-end apps without creating the stored procedures, they obviously don't need to have a SSMS installed.
However, if they develop stored procedures, views, functions, etc, they need to have SSMS. You can give them dbo access (not sysadmin) to your development or test server, and this should work fine. Don't give them any kind of access to production machines. And I would recommend to use Windows authentication mode for them.
This is how it works in actually all the places where I worked before and work now.
April 24, 2007 at 10:24 am
In Software Engineering companies it is best to use test copy for development do regorous testing before implementation on the live database, I think that is the reason relational Algebra is useful live data not required.
This takes away data integrity issues, security issues and improve developer productivity.
Kind regards,
Gift Peddie
April 24, 2007 at 12:23 pm
We definately give the developers a copy of SSMS. In fact, they've got a Development server on their machines. They can't build structures into the dev servers, but we encourage their experimentation & learning.
----------------------------------------------------The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood... Theodore RooseveltThe Scary DBAAuthor of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd EditionProduct Evangelist for Red Gate Software
April 25, 2007 at 11:47 am
We have DEV, Test, PQA, and Prod environments. DEV is pretty much open for developers to do what they want. Test has a few more restrictions. PQA no one knows passwords to, we move everything there as it is a copy of prod where users do final testing of functionality. Prod again, no one knows passwords except DBA's and server engineers to setup connectivity to dbs.
April 25, 2007 at 11:54 pm
Thanks for all your replies.
It's nice to see how others are managing this, unfortunately we have some rather interesting 'legacy' security issues meaning the lines between environments are some what hazy ( network & NT authentication & administration related ) & a couple of those totally outside of our control, so giving SSMS to all the developers opens up some avenues we don't want to & can't afford to!. We have over 70+ sqlservers and 700+ Db's...the majority in Prod & we can restrict access on only a fraction of those & not that quickly, so with your comments in mind, it looks like for the time being we will be not rolling out SMSS, that is, until we can cure the root of the issues with security ( nirvana !! ).
Thanks again for your comments, it has helped guide us with the tasks we need to accomplish before we can role out SMSS to developers.
j
April 26, 2007 at 7:37 am
Lets hope what your employer’s needs to get developed is easy so you can hire developers as needed but I for one have left jobs like yours because I was MCDBA certified before there are 10,000 people certified there is nothing a DBA knows that I don't know I choose to be a developer so I have a list of things I will not do that is one of them. You can be over ruled in some companies and in some places you become a liability pushing out needed talent. I have worked for a small bank the set up was the same as Markus posted and I was part of the data team like you. There the developers code goes to Q&A from there to my boss who checks out the code make corrections as needed send it back to the developers who runs it to make sure everything works then we deploy all the database code.
What developers do is none of your business what runs in your server is your business, it is that simple. And we had 68 SQL Servers and one Oracle 9i.
Kind regards,
Gift Peddie
April 26, 2007 at 9:16 am
hi gift,
i agree with your sentiments, yes, what developers do is none of my business, what runs on our servers in Prod is ( my responsibility ), a pertinent point, however i didn't explain the whole situation, which is that we also have a consultancy in house co developing the application, so, what our developers do in house they are accountable for, what an external consultancy does whilst in our house....now that's different....we cannot allow our lack of action over our security be potentially comprised by external ( but in house ) bodies regardless. I'm just the messenger here, what i can do to secure the Db servers is blown totally wide open by our domain architecture. I'd like nothing better than to give the developers the tools they need to get the job done effectively ( i used to be a developer for many years ), however in the real world, the cost of a security breach far outweighs that of finding an alternate tool for them to develop with, sorry to put it like that, but money talks when assessing risk & unfortunately the data here is seen as far more valuable than any developer or the developers requirements.....not my words, just a quote !
j
April 26, 2007 at 9:27 am
You are not getting the point we are trying to get across to you developers don't need access to your database servers but they need a development copy similar to where you will run their code. All you have now are excuses by people who control other peoples job tasks and most people just move on.
Kind regards,
Gift Peddie
April 26, 2007 at 9:32 am
Hi Gift,
I am sorry, but I am not getting to your points either.
April 26, 2007 at 9:39 am
My point is simple don't give developers access to your database servers give them a dev copy.
Kind regards,
Gift Peddie
April 26, 2007 at 9:46 am
hi,
sorry, i didn't explain very well (again) because of the domain security, developers can access all servers regardless of environment !...it's the legacy i have to deal with, so giving them SSMS increases the risk of even accidental changes when we're trying in some small way to reduce our risk & then hopefully somebody can takle the security issue.
It's complicated but ultimately i cannot change anything but just have to deal with the hand i have been dealt.
I was just interested in seeing if there was anyway we could give the developers SSMS whilst maintaining what little control we have, but i'm afraid it will just increase the lack of control & i'm the only DBA for the company 70+ sql servers, 10 Sybase 12.5 servers, 9 Oracle 9i/10g servers ( unix & Win NT ) etc etc etc.....i can't manage everything, sadly!
j
April 26, 2007 at 10:27 am
I am sorry you are doing more than three peoples job but if your employer pays for Team Suites you cannot control what developers do on the OLAP end now because Visual Studio replaces BI Management Studio and in 6 months VS will also replace the Management Studio on the Relational end so I think you need to ask for help before bad things like missing data happen with your production servers. You can easily get part time help to manage your developers code.
Kind regards,
Gift Peddie
Viewing 14 posts - 1 through 13 (of 13 total)
You must be logged in to reply to this topic. Login to reply