tags:

views:

176

answers:

3

I am trying to help a small business that has an application that could benefit from occasional (or temporary) database expertise. The problem is, this company has all their IP in this database, so they are rightfully hesitant to give someone access it.

They would typically meet and gain trust in person, but the talent pool within physical proximity to them is pretty limited. I would like to think that they could still somehow tap into the global DBA expertise though...

Even the crappiest DBA will be able to dance SQL Circles around these guys - so exposing only pieces of the database doesn't sound feasible to me, but I am hoping I just don't know how.

Anyone have any tips on how they could find a trustworthy company (or individual)? When I hire a programmer, I start them on basic stuff that if they mess up won't hurt too much. With a database, is there something that I can start with that can limit their exposure. Maybe Profiler output for analysis or something?

+2  A: 

The simplest thing is requiring all employees and contractors who see the database, or its design, to sign non-disclosure agreements. There are plenty of boilerplate ones there, and a good attorney can provide guidance on what you'd need in one with less than an hour of billing time. Everyone in the industry is used to them, and everybody understands why they have to sign them.

Of course, that's not a programming question, it's just a legal problem.

JasonTrue
+1  A: 

consultants sign NDAs all the time, and the good ones take them seriously because a consultant's reputation is all he has

while not a DBA, i can highly recommend this fellow as I have known him all my life ;-)

Steven A. Lowe
+2  A: 

As the others have mentioned, NDA's are a good idea, that covers you from the standpoint of WHAT they see...

However, I can feel that you are also concerned about any potential "damage" the person could do to your database if they make mistakes. To get around, and protect from this is a bit harder, but there a few good key items that I would recommend.

  1. BACKUP EVERYTHING before starting, this is common sense, but cannot be overstated
  2. Provide the consultant a test environment if you are able to replicate production issues. This gives an isolated environment where testing can be done.
  3. DO NOT limit their database access. Database issues require digging into the system, limiting their access, could actually contribute to an error rather than preventing them.
  4. Look for references, or evidence of the persons abilities.

I provide this information as a consultant myself. I do .NET and SQL Server consulting, and I ensure that all of the above are true in my consulting cases, and I have not had a fault. Steven points out the biggest key in this all and that is all a consultant has is his reputation. Serious consultants fully understand this, and because of it will make sure that they do NOT put themselves into tricky situations.

Mitchel Sellers
Do you think sites like Linked In/SO etc. can help find this type of help? In person meetings are ideal, but this imposes geographical and cost limits/pressures.
aSkywalker
I think that they can be. I know I have gotten many consulting jobs myself from SO and LinkedIn. The biggest item, is that those places typically help you get a better idea of the potential skill set before, but you still have to evaluate them on your own in detail.
Mitchel Sellers