Hi all,
In an enterprise environment - DB connections need to be set up from the server and pushed down to your users; and they need to be managed across the various servers in your software lifecycle.
In other words - you may have a sandpit / dev server env; a UAT env; a pre-prod; and a prod env - and each of these need to have the same DCM credential IDs so that users can access these.
(before you say "you can do this from the desktop) - that is true, however that's not a workable solution in an enterprise env because that means that users can change the password from their desktop into a prod env which is a breach of IT General Controls)
The solution here is to break DCM out in to a separate service - where
- all your servers (dev; UAT; Pre-Prod; Prod) can all point to one instance of DCM
- users can maintain their own connections and credentials
- Each needs to have up to 2 owners so that you can deal with people moving jobs / leaving the firm
- users can also entitle these connections and credentials to their team members so that when the team member logs in, it shows a popup saying "you've just been given access to new credentials / connections"
- A particular connection may have multiple different variants - depending on the environment.
- HR Data may point to a UAT version of HR data if you're on the UAT server; and to Prod if you're on the Prod server
- if a connection is environment specific - then it also needs to have segregated credentials (since the login to your UAT HR Data may not be the same as prod).
Thank you all
sean
cc: @wesley-siu @_PavelP
