April 29, 2019 at 9:49 pm
Hi All,
An interesting problem (for me). I am ending a long-running contract with some customers. They wish to keep the databases in read-only mode (they are keeping the physical servers). But they wish the databases to be available for read-only access only.
I have pointed out that as long as they have administrators in their domain/network IT support team, I can't think of a way for them to guarantee the databases can't be switched back into read-write mode and the data be changed by a malicious user with full admin access.
Any ideas chaps?
Many thanks,
Phil Edmonds
Salisbury
UK.
April 29, 2019 at 10:51 pm
Then maybe they have too many or incorrect users with admin access. Such users could also drop the database so you can't guarantee the databases will be available either. Admins can do a lot of damage with a lot of things which is why it's generally limited. You'd need to look at eliminating the admins if you need those types of guarantees - using some type of hosting service might be an option.
Sue
April 30, 2019 at 12:35 am
Many thanks for this Sue!
You understand the problem! But I have no control over the customers' administrators, or indeed anything at all about their IT setup once I finish my contract. But I am worried that they could have some kind of legal recourse if someone does something bad after I have left.
Your idea about using some kind of hosting service is interesting, could you give me any tips or pointers?
Many thanks, Phil, UK.
April 30, 2019 at 1:01 am
You could suggest they used a managed hosting service but that would also involve moving the databases. Eventually, someone would have the final say regarding the databases as someone would have administrative access to it and could change it from read only. You'd just be reducing the number of people in the mix but it could also be someone who logs in and lets anyone do whatever they want. It's still someone thing you could suggest if the business has concerns as well and they feel it would better meet their needs.
You really can't control things after your done. And you wouldn't be held accountable. Just make sure you document any concerns, considerations, requirements, some wrap up documentation that you send in email and blind copy yourself to a personal email address. Documenting what you've done, what you wrote, why you did whatever is always good on contracts as it gives the clients some reference to go back to and it will help CYA. Everyone wins.
Sue
April 30, 2019 at 1:13 am
Thanks Sue,
Yep, I'm coming round to thinking that there isn't any way for me to completely protect these databases once I'm out of the loop?
So I guess the only recourse I have is to get a new clause written into my contract which will keep me safe from any problems once I am no longer "on the team"?
Do you agree?
Phil:-)
April 30, 2019 at 5:05 pm
I've never had something like that written into any contract. You aren't responsible for what they do or change after you are done. It's their databases so they can do whatever they want once you are done. It doesn't make it your responsibility though.
Sue
May 1, 2019 at 6:11 pm
I agree with Sue!
May 1, 2019 at 7:40 pm
Thanks for the advice guys!
Viewing 8 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply