Ask HN: Did you ever have to push against founders/CEOs having database access? - yuhong
======
elmerfud
No, but there seems to be more to this than a simple question about access.

Usually when a question about access comes up the root concern is more the
accountability. Access used appropriately is rarely a problem, but access
misused can be very damaging.

In small organizations it is not uncommon for everyone to have access to
everything. The required knowledge domain is small enough that everyone knows
what's going on and everyone needs to be able to address issues without undue
delays from process. The larger the organization grows this begins to break
down and access needs to be segregated to groups that understand their areas.
This prevents a person from making changes to things for which they do not
understand the impact.

If your organization is at this point and you feel like you need to push on
denying access to something, be it founders or others, you should consider the
why of this. Do these people insist on access to the DB due to lack of trust
of those responsible for the DB? Are you as committed to the organization as a
founder or CEO? Are they causing disruptions/outages by having this access?

Ultimately founders, owners & C-levels are usually the chief decision makers
and therefore should have the ability to access nearly anything, and they'll
view it as such. Their house, they should have keys to it kind of thing. So
perhaps the argument to be made is, just because it's your house you shouldn't
leave a mess because we all have to live here too.

------
techjuice
No, normally they will not ask for it unless they are actually doing software
or system engineering work on the products. If they are the non-engineering
type then they normally have an executive dashboard interface that they use to
find the information they are looking for vs a DevOps dashboard.

For those that are not actually doing work on the product that request access
or any managerial/executive types they are normally forbidden direct access to
any production or testing systems unless they are actually doing engineering
work. This access is denied via physical access controls (no PMs, managers or
executives in the datacenters, network closets or anywhere there are servers
or networking gear). Logical access controls: their systems cannot access the
development network or databases, they go through the frontend or internally
through a web application interface just like finance, accounting, marketing,
etc. go through.

The only people that can directly access the servers or networking equipment
are a small number of top level networking, security and system engineers. As
for most companies, especially those with industry certifications or that work
with the government (RMF for example) want you to ensure that least privilege
access and access based on job role be used.

This means the PMs and executive level people do not get direct access to
anything and have to go through the proper engineering channels if they need
more information than what is available through the standard interface.

