[Dbconfig-common-devel] Re: RFC: common database policy/infrastracture

[Andreas Tille]

On Tue, 21 Dec 2004, Karsten Hilbert wrote:

>> well dbconfig-common can handle the creation of one user already, it'd
>> probably be simplest to create that user, and use it to dole out other
>> users+privileges.  that may mean that you'd have to do something in your
>> bootstrap script to grant any extra privileges that the user would need
>> to do so.
> Well, but to grant extra rights to that user I'd have to
> become a user with even more priviledges - which is what we'd
> want to avoid in the first place. If dbconfig-common is trying
> to be helpful it needs to create the user with all the
> necessary rights.
I think GnuMed does just need a "different type of user" than dbconfig-common
currently is creating.

> a) our applications don't use that user
> b) the user only has create-database and create-user which
>   means it can create new databases and delete databases
>   owned by itself, same with users: create new ones and
>   delete those created by itself
> c) the user does not have administrative access to other
>   databases
> d) in fact, that user does not have "administrative" access at
>   all in that that would be something generic, it only has
>   the added rights to manage "it's" databases/users
I would acll this user: application-database-manager.  This user does not
really interact with the database when the application is running but just
cares for the health of the database itself.  It plays the role of postgres
user for this very special database.  Thus it needs similar rights as
the postgres user but only in respect of this certain data base.

Kind regards

          Andreas.

-- 
http://fam-tille.de