How to secure the content inside a production DB for a RoR web application

Question

I have outsourced the development of a web application based on RoR and hosted on heruko. I have three types of users of this application, the developers, the content generators, and customers. I want developers to be able to create tables and/or change DB schema only. And i want content generators to be able to access the content of the DB (direct DB access or through the website).

my question: How can i block developers from being able to access the DB content at the database engine level? i can add the developer as a customer of the site and they can have access to limited content, and this is fine. but how can i protect my DB content from someone copying it all over?

because i outsourced the development and because there is not contract between me and the developer i want to ensure that my IP is protected. what is the best way to do this ?

Answer 1

Please try to target your questions to one specific question.

Having said that, my answers would be:

Q) How can i block developers from being able to access the DB content at the database engine level?
A) Just don't have to give them access to the production server on heroku. That's the beauty of rails and migrations. You don't need access to the database server, you can make changes through migrations, but the data is separate.

---

Q) How can i protect my DB content from someone copying it all over?
A) Don't give out access, backup up your database, consider if heroku is the right choice.

---

Q) I want to ensure that my IP is protected. what is the best way to do this ?
A) Have really good security policies and practices such as strong passwords and changing them frequently, make sure all workers sign clear contracts for any period that they work, employ a good lawyer to review contracts.