Providing production MySQL access to outside company
Problem
We have one main production MySQL database with a read replica. This database has some sensitive data from clients that we need to protect.
My goal is to provide access to an external Business Intelligence reporting tool. As with all tools like this, they all say "we have great security, and we never store anything that we don't need, etc." I am still paranoid.
So what I am considering is creating a bunch of views on the replica database (read-only) which leave out sensitive data and provide the minimum information that they need. After that, I will provision a new user on the database that only has access to those views. This way they only see the data that I want to give them and it's already read-only so nothing can be modified.
My question is, is this a good way to go about this considering my database has sensitive client information? In general, is this a relatively secure approach?
Solution
Your approach seems to be sound. However, I am unsure of what real business intelligence can be gleaned if the reporting is made off of incomplete data. Create a dedicated user with limited privileges (i.e., no writing/dropping allowed). There is always a tradeoff of information security and information quality.
Perhaps it would be best to understand what you're hoping to accomplish with this reporting and identify what sensitive info can be removed.
Context
StackExchange Database Administrators Q#163839, answer score: 3
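The setup discussed in the question and answer above (views that omit sensitive columns, plus a dedicated account that can only read those views), written out as an added MySQL example that is not part of the original post. All schema, table, column, account and host names are hypothetical, and the statements assume an administrative session that is allowed to set a view's DEFINER.

```sql
-- Constructed sample schema (hypothetical names): app.clients holds the sensitive columns.
CREATE DATABASE IF NOT EXISTS app;
CREATE DATABASE IF NOT EXISTS reporting;
CREATE TABLE app.clients (
  id INT PRIMARY KEY, full_name VARCHAR(100), email VARCHAR(255),
  tax_id VARCHAR(32), region VARCHAR(32));
CREATE TABLE app.orders (
  id INT PRIMARY KEY, client_id INT, total DECIMAL(10,2), created_at DATETIME);

-- Locked account that only exists to own the views. It holds column-level
-- SELECT on exactly the columns the views read, so a view that is later
-- edited to pull in email or tax_id fails instead of silently exposing them.
CREATE USER 'view_owner'@'localhost' ACCOUNT LOCK;
GRANT SELECT (id, region) ON app.clients TO 'view_owner'@'localhost';
GRANT SELECT (client_id, total, created_at) ON app.orders TO 'view_owner'@'localhost';

-- SQL SECURITY DEFINER: the view runs with view_owner's privileges, so the
-- reporting account needs no privilege at all on the app schema.
CREATE DEFINER = 'view_owner'@'localhost' SQL SECURITY DEFINER
VIEW reporting.orders_by_region AS
SELECT c.region,
       DATE(o.created_at) AS order_date,
       COUNT(*)           AS order_count,
       SUM(o.total)       AS revenue
FROM app.orders o
JOIN app.clients c ON c.id = o.client_id
GROUP BY c.region, DATE(o.created_at);

-- Reporting account: pinned to the vendor's address (203.0.113.10 is a
-- documentation address used as a placeholder), TLS required, connection cap.
CREATE USER 'bi_reader'@'203.0.113.10'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET'
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 5;

-- Grant per view, never on reporting.* or app.*, so new objects are not
-- exposed by default.
GRANT SELECT ON reporting.orders_by_region TO 'bi_reader'@'203.0.113.10';

-- Checks: the account should show USAGE plus SELECT on the view only, and
-- no row may reference the app schema.
SHOW GRANTS FOR 'bi_reader'@'203.0.113.10';
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = "'bi_reader'@'203.0.113.10'";
```

Connected as bi_reader, a query against app.clients is rejected with a "SELECT command denied" error, while reporting.orders_by_region returns only the aggregated, non-identifying columns.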