Define and implement improved db user privileges architecture for Arches #2636
Labels
Comments
6 tasks
|
Hey @benosteen, does your work address any of the criteria that @adamlodge has mentioned in the description above? |
|
The exception handling I've added to the CreateExtension method helps
"paint over" the problem with the `python manage.py migrate` step. It means
that when the first migration operation fails (due to not having the
superuser postgres permission), it logs the error rather than crashing out
of the whole process. It doesn't fix it! It just means that the original
functionality carries on unaffected, but in the case where you are
deploying it without superuser rights, it doesn't foul up. You just have to
make sure the extensions is available. The PR I put in is just step one of
this.
…On Tue, 26 Mar 2019 at 14:20, Cyrus Hiatt ***@***.***> wrote:
Hey @benosteen <https://github.com/benosteen>, does your work address any
of the criteria that @adamlodge <https://github.com/adamlodge> has
mentioned in the description above?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2636 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAIL8Hn_QaYKmFKVfirN9eJxBYOqA6uSks5vao8PgaJpZM4QKDEx>
.
|
This was referenced May 14, 2019
|
Following #3719 this ticket will be completed by archesproject/arches-docs#115 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User Story
In prod settings, it is good practice to create an alternative db user (besides "postgres") through which Arches accesses the database. However, there is currently no guidance (documentation or a template script) for creating a user with the privileges required to make Arches work.
On the implementation side, we should think through what exactly these privileges are, define a role that wraps up these privileges, and implement unit tests that ensure that the privileges assigned to the role keep up with system requirements.
Acceptance Criteria
Definition of Done
An implementor can create a custom db user account, and associate that user with a pre-defined db role that has all appropriate access to the db necessary to execute Arches functionalities.
The text was updated successfully, but these errors were encountered: