-
Notifications
You must be signed in to change notification settings - Fork 137
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define and implement improved db user privileges architecture for Arches #2636
Labels
Comments
6 tasks
Hey @benosteen, does your work address any of the criteria that @adamlodge has mentioned in the description above? |
The exception handling I've added to the CreateExtension method helps
"paint over" the problem with the `python manage.py migrate` step. It means
that when the first migration operation fails (due to not having the
superuser postgres permission), it logs the error rather than crashing out
of the whole process. It doesn't fix it! It just means that the original
functionality carries on unaffected, but in the case where you are
deploying it without superuser rights, it doesn't foul up. You just have to
make sure the extensions is available. The PR I put in is just step one of
this.
…On Tue, 26 Mar 2019 at 14:20, Cyrus Hiatt ***@***.***> wrote:
Hey @benosteen <https://github.com/benosteen>, does your work address any
of the criteria that @adamlodge <https://github.com/adamlodge> has
mentioned in the description above?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#2636 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAIL8Hn_QaYKmFKVfirN9eJxBYOqA6uSks5vao8PgaJpZM4QKDEx>
.
|
This was referenced May 14, 2019
Following #3719 this ticket will be completed by archesproject/arches-docs#115 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User Story
In prod settings, it is good practice to create an alternative db user (besides "postgres") through which Arches accesses the database. However, there is currently no guidance (documentation or a template script) for creating a user with the privileges required to make Arches work.
On the implementation side, we should think through what exactly these privileges are, define a role that wraps up these privileges, and implement unit tests that ensure that the privileges assigned to the role keep up with system requirements.
Acceptance Criteria
Definition of Done
An implementor can create a custom db user account, and associate that user with a pre-defined db role that has all appropriate access to the db necessary to execute Arches functionalities.
The text was updated successfully, but these errors were encountered: