Adam R.

Commented on Managing Write Access for Business Users in Mother...·Posted inHelp

Blossom C. the only time of those that works for me is Monday 2:30-3. Others are totally welcome to join. My use case is very simple: analysts doing ad hoc SQL work that generate business outcomes (basically running small models) which we want to capture the output and metadata about in prod.

Commented on Managing Write Access for Business Users in Mother...·Posted inHelp

Adam R.

Hi there, yes let's chat. What's the best way to find a good time?

Commented on Managing Write Access for Business Users in Mother...·Posted inHelp

Adam R.

Thanks. It's good to know that there are more flexible access controls in the works. The workaround seems ok but then we're juggling all kinds of databases and I feel like people will get confused and governance will suffer massively.

Posted in Help·

Adam R.

Managing Write Access for Business Users in Motherduck with Service Account-Owned Databases

I've got a use case that is proving difficult in Motherduck. I have a service account that runs my dbt packages, creating tables across 6 different databases. I have shared these databases with some business users, which works great for read only work. However, some of these users have a need to write (running ad hoc scripts that create tables or insert into tables) which can't be done on their shares, and they can't write to the main databases because they are owned by the service account. The only workaround I can think of is to issue the user a token with access to the underlying databases and then have them connect with something like Datagrip or the cli to execute their procedures. Am I missing something fundamental here, or is this the intended way that this work should be accomplished?

12Comments

Posted in General·

Adam R.

Finding Security Professionals Experienced in Pentesting Motherduck Environments for Consultants

Hi friends, I'm a consultant using Motherduck for all of my data warehouse needs and it's great. I'm running into an issue where potential clients are asking to see the results of 3rd party penetration tests/security audits of my systems and the platforms I use, and I'm having a hard time finding folks who will do this for my Motherduck environment. They are all happy to take a look at my Azure setup, Entra ID, my workstation policies, etc. But they have never heard of Motherduck, don't feel competent to review/audit the setup, and aren't willing to learn just for me since I'm a tiny company who isn't going to end up paying them much money. Have any of you worked with pentesters or other security professionals who are willing/able to audit and/or pentest my MD environment? It would make my life a lot easier if I could find someone. Thanks! CC: Bill Z.

4Comments

Commented on Managing Token Security: Limiting Access & Reducin...·Posted inGeneral

Adam R.

I'm currently just one person with no staff, but about to hire, which is why this is coming up. Thanks!

Commented on Managing Token Security: Limiting Access & Reducin...·Posted inGeneral

Adam R.

oh duh, I forget that I can do this at the user level

Posted in General·

Adam R.

Managing Token Security: Limiting Access & Reducing Risks

I'm pretty sure that there's currently no way to restrict the scope of a token's access to a specific database/set of databases, and also not possible to restrict token access by IP. I know the ip allowlist thing is on the roadmap, but not sure when that's coming. What are people doing to reduce risks around tokens (besides rotating them)?

3Comments

Commented on Differences in Compute Power: Lite vs. Business St...·Posted inGeneral

Adam R.

Great, thanks!

Posted in General·

Adam R.

Differences in Compute Power: Lite vs. Business Standard Plans

Generally, is the underlying compute the same between the Lite Standard and the Business Standard plans? Or is lite/standard "lighter" than business/standard?

2Comments

About

Start Date
Title