by pillefitz 949 days ago
> Don't give access to a DB, the same way you wouldn't give access to any other external system. Instead you ask what is needed and provide a restricted REST API.

You come off as condescending and remind me of why I (ex dev who joined our business department) dislike our IT so much and do my best to encourage shadow IT where I can, while keeping sane best practices around CI/CD, security and testing.

I'm so fed up seeing working Excel solutions cobbled together over 2 weeks, that served business well over years with 0 incidents, get replaced by shitty cloud apps that cost millions to build.

2 comments

> Instead you ask what is needed and provide a restricted REST API.

Happy to. Problem is, that API has to be built, and tested, and vetted, and maintained, and who's going to do all that work? Because I know a lot of software devs, and none of them lack for tasks.

If it needs to happen, and your team can't do it, somebody else needs to. Your best bet then is to give them the access to do it properly instead of forcing them to hack it together.
I, on the other hand, am tired of being called in to investigate why the janky Excel macro written four years ago by an ex-employee doesn't work for all the external stakeholders this manager just sent the spreadsheet to, only to find that the hardcoded database and local admin user creds in the VBA script are now leaked and in the clear.

A lot of people pushing shadow IT "solutions" wildly overestimate their own ability, while maintaining garbage-tier information security standards. That doesn't sound like you, but it's the far more common situation those of us in "IT" are forced to protect the wider organisation against.
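The failure mode the last comment describes, a macro-enabled workbook with a database connection string and privileged credentials hardcoded in its VBA, is something a secret scan catches before the file is forwarded. Below is an added example, not code from the thread or from any commenter: a small Python scanner that takes VBA source text (in practice the module text dumped by a tool such as olevba from oletools), joins VBA line continuations, finds ADO/ODBC-style connection strings in string literals, and reports any that embed a password, noting privileged logins such as `sa`. The sample module, the host `finance-db01` and the credentials in it are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample module (not from any real workbook): an ADO connection
# string with a hardcoded privileged login, plus a second procedure that uses
# integrated authentication and therefore embeds no secret.
SAMPLE_VBA = '''
Sub RefreshData()
    Dim cn As Object
    Set cn = CreateObject("ADODB.Connection")
    cn.Open "Provider=SQLOLEDB;Data Source=finance-db01;Initial Catalog=Ledger;" & _
            "User ID=sa;Password=Summer2019!;"
    Dim rs As Object
    Set rs = cn.Execute("SELECT * FROM dbo.Invoices")
End Sub

Sub SafeRefresh()
    Dim cn As Object
    Set cn = CreateObject("ADODB.Connection")
    cn.Open "Provider=SQLOLEDB;Data Source=finance-db01;Initial Catalog=Ledger;Integrated Security=SSPI;"
End Sub
'''

# Keys that carry a secret in ADO / ODBC / SqlClient connection strings.
SECRET_KEYS = ("password", "pwd")
# Keys whose presence marks a literal as a connection string at all.
CONNECTION_KEYS = ("provider", "data source", "server", "driver")
# Logins that should never appear in a spreadsheet macro.
PRIVILEGED_USERS = {"sa", "admin", "administrator", "root", "postgres"}


@dataclass
class Finding:
    line: int                 # first physical line of the statement
    data_source: Optional[str]
    user: Optional[str]
    password: str
    privileged_user: bool


def _logical_lines(src: str) -> Iterator[Tuple[int, str]]:
    """Yield (first_line_no, text) with VBA ' _' continuations joined
    and adjacent literals concatenated with '&' merged into one literal."""
    buf: List[str] = []
    start = None
    for n, line in enumerate(src.splitlines(), 1):
        if start is None:
            start = n
        text = line.rstrip()
        if text.endswith(" _"):          # VBA continuation marker
            buf.append(text[:-2])
            continue
        buf.append(text)
        joined = " ".join(buf)
        # "abc" & "def"  ->  "abcdef", so split connection strings are seen whole
        yield start, re.sub(r'"\s*&\s*"', "", joined)
        buf, start = [], None
    if buf and start is not None:
        yield start, re.sub(r'"\s*&\s*"', "", " ".join(buf))


def parse_connection_string(literal: str) -> dict:
    """Split 'Key=Value;Key=Value' into a lower-cased-key dict."""
    pairs = {}
    for part in literal.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs


def scan_vba(src: str) -> List[Finding]:
    """Return one Finding per string literal that is a connection string
    with an embedded password."""
    findings = []
    for lineno, text in _logical_lines(src):
        for literal in re.findall(r'"([^"]*)"', text):
            pairs = parse_connection_string(literal)
            if not any(k in pairs for k in CONNECTION_KEYS):
                continue                      # e.g. a SQL query literal
            password = next((pairs[k] for k in SECRET_KEYS if pairs.get(k)), None)
            if password is None:
                continue                      # integrated auth, nothing to leak
            user = pairs.get("user id") or pairs.get("uid")
            findings.append(Finding(
                line=lineno,
                data_source=pairs.get("data source") or pairs.get("server"),
                user=user,
                password=password,
                privileged_user=(user or "").lower() in PRIVILEGED_USERS,
            ))
    return findings


def redact(src: str) -> str:
    """Mask password values so the module text can be shared in a ticket."""
    return re.sub(r'(?i)\b(password|pwd)\s*=\s*[^;"]*', r"\1=***", src)


if __name__ == "__main__":
    for f in scan_vba(SAMPLE_VBA):
        flag = " (PRIVILEGED LOGIN)" if f.privileged_user else ""
        print(f"line {f.line}: {f.user}@{f.data_source} password embedded{flag}")
```

The scanner reports only the `RefreshData` string (line 5 of the sample, login `sa`, host `finance-db01`) and ignores both the `SELECT` literal and the `Integrated Security=SSPI` string, which is the shape a fix should take: the macro keeps working, the secret moves out of the file. The same joining logic matters in practice because VBA authors routinely split long connection strings across `& _` continuations, and a scanner that only inspects one physical line at a time misses the password half.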