/
Data Warehouse Direct SQL Access

Data Warehouse Direct SQL Access

Owned by Marina Arseniev (Unlicensed)
Last updated: Jun 21, 2019


While there are situations where direct SQL Access to the Data Warehouse for sophisticated campus power users for data analytics are needed, the majority of use cases are handled well by our current adhoc query tools. Some of the challenges avoided by using adhoc reporting tools to query the data warehouse rather than direct  SQL include:

 

  1. Far less agility on the part of the DWH team to fix/change tables and data schema since SQL is hard wired to the database so user reports will break if the data schema is changed.
  2. Lack of row level security and the OIT expense of creating it at the database layer.  No role  based access.
  3. No KSAMS integration to track who grants authorization to view what data to whom
  4. Inability to use DUO second factor
  5. Lack of auditing
  6. Potential performance impact of incorrectly formed queries and cartesian products or mistakes that are not possible with indirect database access/reporting tools.
  7. Lack of metadata integration or any kind of built-in help.
  8. The potential end user support work load if 1000s of campus users need assistance or have questions about joins and data of the understaffed OIT DWH Team.
  9. Proliferation of tools that we won’t be able to support or manage (Excel, PowerBI, etc)
  10. Most users do not know SQL well enough to form reliable and trustworthy data reports.  These errors can be extremely costly from the business perspective if they provide erroneous results.
  11. Bad actor / intruder controls are reduced.  Even read only access provides a door into our databases that are currently behind firewalls and well protected.  Once in, malware or other means in the database or OS layer can allow intruders to get to our crown jewels, or use the database machines as pivot points to more critical assets behind firewalls. 
  12. The campus conducts an annual inventory of all data access to databases as part of compliance with SAS 112.  Users having direct access to databases are very difficult to track and inventory annually.  Managers must approve any OIT internal staff on this inventory and to extend it to the campus requires building better inventorying processes and tools.