In order to “harden” our compliance, we wanted to enforce a two-persons rule on the MySQL production database for “manual fixes”. Such “manual fixes” frequently arise due to:
- Bug in the application (we are a fast company :D)
- Various customer requests that do not have an application feature implemented yet, such as GDPR update requests, special discounts, etc.
We wanted a process that does not require the two persons to be physically side-by-side. One person is on-call, rather junior and is responsible to translate customer service requests into SQL. They might need a GUI (such as MySQL Workbench) to navigate the complex data model and figure out the exact SQL script to produce. The SQL script should feature
SELECTs showing the data before and after the change in a non-committed transaction (e.g.,
AUTOCOMMIT OFF no
COMMIT at the end).
The second person is not on-call, rather senior, and fairly familiar with the application’s data model. They should be able to look at the SQL script the non-committed transaction output, and approve or reject via a mobile app during the evening.
We cannot be the first to have this or a similar requirements.
Does anyone know good documentation or tooling to implement such a process?
Here are some similar questions on the topic, but not quite as specific as the present one:
- What can a company do against insiders going rogue and negatively affecting essential infrastructure?
- How can two-man control be implemented efficiently?