I’ve been working on Aidmin for quite some time now, and finally released a beta version of it.
I’ve focused most of my efforts on security, making sure that Aidmin can’t negatively impact your database. I talk about that a little bit in the Security Overview (https://github.com/aidmin-io/docs/blob/main/security-overvie...).
I would love to know if Aidmin would be helpful at your workplace, and if not, why? Are there any features that are missing which would make it much more useful?
Thank you for checking out the project!
If so, you may want to consider that non-developers typically don't have access to production databases for a good reason: they can easily make breaking changes.
You may want to consider creating a "pull request" type functionality where a non-developer can create a change, and instead of having it executed immediately, be sent to a developer/reviewer for review and approval. This would still save developers time in crafting complex SQL queries, instead focusing on reviewing the changes others are proposing and ensuring they don't break the system.
Currently, the column based access should help limit modifications to only specific columns. That said, I have heard this feedback and definitely have started thinking about an approval / pull request based workflow.
This can be mitigated with roll-back scripts.
Much better would be to give them a replica to work on and a change confirmation process that allows signed-off changes to be pushed into production.
Woah. This is a huge red flag for any company or enterprise.
To the developer: please reconsider your approach, because as of right now nobody can use this and still have their customers trust them. To everyone else, until there's a 2.0 or self-hosted version of this, Hasura+Metabase was recommended for this in a HN thread last year and looks pretty neat, if not covering the exact same use cases.
(Yes, I realize that the same is true of a database hosted in AWS/Azure/GCP. But you can sue them if someone gets access to your data through them, and the US Government and every major bank uses one of those services, so I'd be more willing to believe in them vs an early-stage startup.)
[1] It claims: Works with MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Elasticsearch, MongoDB, SimpleDB (plugin), Firebird (plugin), ClickHouse (plugin)
I hear you on the approach, it is something I have been thinking about for a while.
There are a few SaaS companies that exist today which provide a similar service, and they all require this level of access, unless you opt for their enterprise self-hosted version.
I am probably going to release a self-hosted version at some point.
Edit: They all offer an on-prem version, but only for enterprise ($$$$) customers.
What's the advantage over giving dbeaver to users and set up their users right at the db level? Cleaner UI (that's a big +1)? Access and right management?
At my current startup, giving access to everyone at the company to use a traditional tool (dbeaver, datagrip, etc) is not simple because our databases are not publicly accessible. This means every employee would need an ssh key to a bastion, and our onboarding / offboarding process would involve adding / deleting users constantly.
With Aidmin, they can invite users to their workspace and utilize Single Sign-On for added security.
As for databases not being publicly accessible, why not just use a VPN?
I've used dbeaver which gets the job done but could benefit from better UI and a web interface. Another benefit of a web app is if a few people can configure everything for the rest of the team(s). If there's a lot of databases and onboarding it can be a chore.
Everything I have is fairly automated so I think it'd be trivial to offer an on-prem version at some point, but currently still figuring things out.
What is the advantage of aidmin?
This is also just the initial iteration. If you had a chance to check out the demo, all the screens where you manage your workspace (users, data source, etc) are all joins and use the Aidmin to manage itself.
I could see it not needing a name, but it's used to manage your users that belong to the workspace. I thought it would be a better experience than just showing the email of the user.
As for an audit log, what's wrong with those capabilities built into most databases already?
As long as I don't see the source code, you won't get any other feedback from me.
As was mentioned, sharing the access password with the service is the worst thing possible in a system like yours. It is a dealbreaker for me and many others.
RBAC? Look at row based security. Audit logs? There are few robust trigger based solutions. Want quick access and UI? Just use any existing tool.
I don't see any benefit of using this tool.