How to restrict DB specific privileges

RE: How to restrict DB specific privileges

Mathieu Drouin — Fri, 09 Jan 2026 13:45:01 GMT

You can't with the standard permissions. Database schema editors will allow you to drop/truncate.

No choice but to roll your own DB if you want this. Or restrict db access to database viewers and only let them update data via a process.

RE: How to restrict DB specific privileges

Jordi — Fri, 09 Jan 2026 10:00:53 GMT

I understand your point of view, Stefan, but sounds quite theoretical.

When you admin legacy or new big applications, you can't create always a "self maintenance" capabilities, for users to self-maintain each and every data item, right?

And when a user incorrectly enters a value, and he/she needs it to changed, if the application does not contain a self maintenance, you need a designer/admin to change that value in the DB and re-synch the record.

We need admin people with permissions to write into production, in a very controlled and justified fashion, with the right incident and the right controls.

What we don't need is that those same people, because of the simple fact that they need to be able to change a value in the database, we don't need them to be able to truncate a table or to drop any database object.

In Appian, if you have permissions to write into a table via myphpAdmin, you have permissions to drop objects.

So, how can I avoid this?

RE: How to restrict DB specific privileges

Stefan Helzle — Thu, 08 Jan 2026 16:44:31 GMT

Nobody should have any kind of admin access on PROD by default. Using the described approach you can easily control access for support purposes.

https://appian.rocks/2023/09/20/support-processes-on-appian/