Slashdot Mirror


Keeping Customer From Accessing My Database?

cyteen02 writes "We run a data processing and tracking system for a customer in the UK. We provide a simple Web site where the customer can display the tracking data held in our Oracle database. From these screens they can query based on a combination of 15 different data fields, so it's pretty flexible. We also provide a csv report overnight of the previous day's data processing, which they can load into their own SQL Server database and produce whatever reports they want. Occasionally they also want one-off specific detailed reports, so we write the SQL for that and send them the results in an Excel format spreadsheet. This all ticks along happily. However they have now asked for direct read-only access to our Oracle database, to be able to run ad-hoc queries without consulting us. As a DBA, my heart sinks at the thought of amateurs pawing through my database. Unfortunately, 'because you are stupid' is not considered a valid business reason to reject their request. So can any Slashdotters assist me in building my case to restrict access? Have you experienced a similar situation? Have you had to support this sort of end user access? How would you advise me to keep my customer away from my precious tables?"

1 of 567 comments

  1. Re:A simple suggestion by pla · Score: 0, Flamebait

    Think about it, the data is probably required for the customer's business process.

    Big difference between "we want to query inventory levels every 30 seconds for no good reason" and "we can't look up customer information to complete basic transactions".

    The former (which IMO sounds like basically what the FP has to deal with, micromanaging twits who wouldn't know what to do with the data if they had it) won't bring a business to its knees if you say "no". And the latter?


    So saying 'no' is tantamount to 'you can't run your business', and the customer will become an ex-customer just like that.

    If they can't do business without near-realtime access to that data, they made a damn poor choice in ever letting it out of their control in the first place, and someone (or a few people) need to lose their jobs over ever outsourcing such a vital task.

    Anyway, if you look just a bit beyond the superficial question here, why would the customer want the requested access?

    Simple: Because they already plan to stop using the FP author's services (at least, in his capacity as a custom report writer).


    That's customer service!

    Yes, actually, I'd call it pretty good customer service, once you accept a very important fact - "The customer is not always right". You don't sell guns to kids, you don't sell liquor to those already sloshed, and you don't give anyone raw (even RO) access to systems without a damned good reason. Sure, it sounds harmless on the surface... Until some wannabe DB guru brings the server to its knees. And when that happens, who do you think the customer will blame: The boss' nephew, or "those bastards holding our data hostage"?

    Anyway, in this case, depending on all the contractual details, the customer might not actually "own" their data, so what kind of idiot would give them far more access without charging through the nose for it, and then call it "customer service"?