Employees are never granted database credentials. Instead, administrators grant them strongDM credentials. Users are then assigned to the appropriate role which contains only the permissions necessary for that employee.
Conveniently grant employees enhanced permissions for a timeboxed period after which access automatically expires. When an employee quits, instantly revoke access to every database.
Employee workflow doesn’t change. We set out to make connecting to databases as painless as it should be. We support most tools to make that possible and are working hard to expand the list every day.
strongDM stores a tamper-proof, centralized audit log of every query issued on every database by default. This unified view allows administrators to efficiently investigate a potential compromise.