The application - Do you understand the danger, and change permissions so "Schema Changes" can only be done by the "Schema Master"?

Last updated by Brook Jeynes [SSW] 5 months ago.See history

This rule has been archived
Archived Reason: Superseded by the rule

Having many people in a company that are able to make schema changes, can only lead to big problems. This gets worse if the application is powerful (eg. enabled with SSW SQL Deploy that can make schema changes itself) can make schema changes.

Let's see how to fix the issue:

To avoid this problem, only one person (the "Schema Master") or the release pipeline should have permissions to upgrade the database.

Figure: The db_owner role is granted for one person only – the "Schema Master"

Figure: And here is the "Schema Master" at SSW

We open source. Powered by GitHub