To support a high volume of transaction processing in an automated environment such as e-commerce, measures need to be taken to ensure the integrity of those transactions. One of these is ensuring that no single person initiates, authorizes and completes a transaction. It is like making sure we never have a situation where one person is judge, jury and executioner. This is what is known as segregation of duties, or in some quarters "maker-checker".
So why is it so important to ensure that developers have no access to production databases? This is from an IS auditor's perspective. It is, after all, the developer who provides the logic that enforces the separation of duties in the first place. A typical walkthrough goes as follows:
- Person A initiates a transaction. The entry is saved in the database with the user ID of Person A.
- There is a list of all initiated transactions awaiting approval. Whenever this list is loaded, all transactions initiated by the currently logged-in user are omitted.
- The transaction is approved and the approving user is recorded. This has to be anyone other than A.
Now, all this logic lives in the source code in some variant, not necessarily in the form above. With access to the database, all I need to do to complete a self-initiated transaction is change the initiator user ID, and just like that I am able to authorize those transactions. This is a trick we use a lot during development, since it is really tiring to keep logging in as a different user while debugging.
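The three-step walkthrough above and the "edit the initiator ID" shortcut that follows it, as an added example that is not part of the original post. It uses an in-memory SQLite database with a constructed `transactions` table, user names and amounts; the functions `initiate`, `pending_for`, `approve` and `direct_update`, the `CHECK` constraint and the `initiator_immutable` trigger are all illustrative choices made here. The application layer enforces maker-checker exactly as the walkthrough describes, and the database layer adds two controls so that a direct `UPDATE` behind the application's back fails instead of silently succeeding.

```python
"""Maker-checker (segregation of duties) with app-level and DB-level checks.

Added example, not from the original post. Table, column and user names
are constructed for illustration.
"""
import sqlite3

SCHEMA = """
CREATE TABLE transactions (
    id           INTEGER PRIMARY KEY,
    amount       INTEGER NOT NULL,
    initiated_by TEXT NOT NULL,
    approved_by  TEXT,
    -- DB-level rule: the approver can never equal the initiator,
    -- even if the application code is bypassed.
    CHECK (approved_by IS NULL OR approved_by <> initiated_by)
);
-- DB-level rule: once written, the initiator cannot be rewritten.
-- This is what stops "change the initiator ID, then approve it myself"
-- for any account that lacks the DDL rights to drop the trigger.
CREATE TRIGGER initiator_immutable
BEFORE UPDATE OF initiated_by ON transactions
BEGIN
    SELECT RAISE(ABORT, 'initiated_by is immutable');
END;
"""

# Columns a hypothetical support user might try to edit directly.
DIRECT_COLUMNS = {"initiated_by", "approved_by"}


def open_db():
    """Create the schema in a fresh in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def initiate(conn, user, amount):
    """Step 1: Person A initiates; the row is saved with A's user ID."""
    cur = conn.execute(
        "INSERT INTO transactions (amount, initiated_by) VALUES (?, ?)",
        (amount, user))
    conn.commit()
    return cur.lastrowid


def pending_for(conn, user):
    """Step 2: the approval queue omits the current user's own transactions."""
    rows = conn.execute(
        "SELECT id FROM transactions "
        "WHERE approved_by IS NULL AND initiated_by <> ? ORDER BY id",
        (user,))
    return [r[0] for r in rows]


def approve(conn, user, txn_id):
    """Step 3: record the approver, who must be someone other than the initiator.

    Returns True on success; False if the transaction is unknown, already
    approved, rejected by the app-level check, or rejected by the database.
    """
    row = conn.execute(
        "SELECT initiated_by, approved_by FROM transactions WHERE id = ?",
        (txn_id,)).fetchone()
    if row is None or row[1] is not None or row[0] == user:
        return False
    try:
        conn.execute("UPDATE transactions SET approved_by = ? WHERE id = ?",
                     (user, txn_id))
        conn.commit()
    except sqlite3.DatabaseError:
        conn.rollback()
        return False
    return True


def direct_update(conn, txn_id, column, value):
    """A raw UPDATE issued outside the application (e.g. from a DB console).

    Returns True if the database accepted the change, False if the CHECK
    constraint or the immutability trigger rejected it.
    """
    if column not in DIRECT_COLUMNS:
        raise ValueError("unexpected column for this demo")
    try:
        conn.execute(f"UPDATE transactions SET {column} = ? WHERE id = ?",
                     (value, txn_id))
        conn.commit()
        return True
    except sqlite3.DatabaseError:
        conn.rollback()
        return False


if __name__ == "__main__":
    db = open_db()
    t = initiate(db, "alice", 500)
    print("alice sees:", pending_for(db, "alice"), "bob sees:", pending_for(db, "bob"))
    print("alice self-approves:", approve(db, "alice", t))
    print("raw change of initiator accepted:", direct_update(db, t, "initiated_by", "carol"))
    print("bob approves:", approve(db, "bob", t))
```

The database-layer rules only hold for accounts that cannot alter the schema; a developer with full DDL rights on production can drop the trigger, which is precisely why the post argues that the access itself, not just the application logic, has to be restricted.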
Separation of duties is definitely a best practice, but it is usually hard to implement because of the budget IT departments need in order to have a fully staffed TechOps team. In addition, more often than not developers still have to access production databases to perform support tasks. That said, as a developer it is best to exercise due care with the vast amount of sensitive information one is given access to, especially personally identifiable information. It all comes down to personal ethics and integrity.