DLM Dashboard as a team tool
DLM Dashboard is a great collaborative tool, which integrates with lots of different services. However, some teams told us that they couldn’t use DLM Dashboard without support for users and permissions.
Previously, access to DLM Dashboard was entirely unrestricted. Essentially, all users were given administrator permissions. As the tool grew in popularity, we started to receive feedback from users who wanted to control access to the tool and segregate duties.
Many of these users are in the financial sector, where organizations often work to the principle of least required access. In audit situations especially, it’s important to be able to demonstrate that only certain users can acknowledge schema changes. With unrestricted access, DLM Dashboard wasn’t compliant with the policies of some companies, or with Sarbanes-Oxley regulations.
There was also no way to restrict access to schema details. Any user with a Windows login could access DLM Dashboard and view schema changes. In smaller teams, this level of security may be adequate, but many larger companies have policies in place to forbid tools that can’t restrict access to data.
Intuitive permissions
To make a better team tool, we needed to build a simple, effective mechanism for managing users and permissions. We started by creating a list of the actions available to users, and then divided them into groups. This gave us four permission levels: View, Acknowledge, Configure, and Administrator (for details on permissions levels, see Managing users and permissions).
These permissions are not enabled by default. The user who enables permissions becomes an Administrator, and all authenticated users in the domain are given View permissions. If a user tries to access something they aren’t allowed to, for example a user with View permissions trying to add a new database, they are given the option to request access (see Requesting permissions).
The request access page
Clicking Request access generates an email addressed to DLM Dashboard administrators. To grant access to the user, an administrator has to follow the link in the email and review the request:
The review permissions request page is prefilled with the requested permissions
Administrators can also manage permissions manually on the Users tab of the Configuration page:
Manually managing permissions
What do you think about this?
We’re always looking for feedback and suggestions for ways to improve the tool. Please log your suggestions on the DLM Dashboard UserVoice page.
Tools in this post
You may also like
Blog
Four steps towards tackling the complexity of managing multiple database platforms
Blog
5 things to look for in a database monitoring tool
Blog