define default access privileges for default users too #1512
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FxKu
requested review from
CyberDem0n,
erthalion,
Jan-M,
RafiaSabih and
sdudoladov
as code owners
|
👍 |
|
👍 |
1 similar comment
|
👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Using preparedDatabases allows you to create a set of pre-defined owner, reader and writer NOLOGIN roles. With
defaultUsersenabled LOGIN roles can be created to which inherit all privileges from their NOLOGIN counterparts except for defalt access privileges. This means, when using tools such as flyway one has to make sure that the NOLOGIN owner role is set before creating new tables. If the migration is executed with the<dbName>[_<schemaName>]_owner_userrole, reader and writer roles will have no access.Because such behavior is not very obvious to users, this PR suggests to define default access privileges on the LOGIN roles, too.
Closes #1170