Re: Permission for not Django app to do Write and Read

From: "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Permission for not Django app to do Write and Read
Date: 2019-08-25 08:44:18
Message-ID: 20190825084418.GB30240@hjp.at
Lists: pgsql-admin pgsql-general

On 2019-08-24 13:22:38 +0200, Luca Ferrari wrote:
> On Sat, Aug 24, 2019 at 11:53 AM Peter Wainaina <petwah17(at)gmail(dot)com> wrote:
> >
> > Thanks much for the response. This is what I mean: I am a database
                                                         ^^^^^^^^^^^^^
> > administrator for a production company and the product owner doesn't
    ^^^^^^^^^^^^^
> > want me to be able to either read or write information that will
> > come from Django application.
>
> I personally hate this kind of setup, because it does not make any
> sense to me that a developer must set up an application that must
> interact with a database that the developer himself cannot interact
> with.

Peter is the DBA here, not the developer. I don't think you can prevent
the DBA from seeing the data in the database - except by encrypting it
(as you suggested below). I guess it would be possible to write a Django
backend which implements an encryption layer, but getting decent
performance out of it might be ... challenging.

> However, keep it simple: define a django user, assign each object to
> such user, revoke any permission from public.
> And then let the product owner set up a password.

You can still access the tables as postgres.

Of course you could set up another database instance where you don't
have DBA privileges, but then the product owner has to trust the system
administrator instead of the DBA. At some point you have to trust
somebody or do everything yourself.

hp

--
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | hjp(at)hjp(dot)at  | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
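
The setup suggested in the quoted text, followed by a check that makes its limit visible, as an added SQL example that is not part of the original message. The role name `django_app` and database name `appdb` are assumptions; the final query lists every other role that can still read the application's tables.

```sql
-- Added example. Assumed names: role django_app, database appdb, schema public.
-- Run as a superuser on the instance that hosts the Django database.

CREATE ROLE django_app LOGIN;   -- password is set afterwards by the product owner,
                                -- e.g. with psql's \password django_app

-- Assign every existing table in the schema to the application role.
DO $$
DECLARE
    t record;
BEGIN
    FOR t IN SELECT schemaname, tablename
               FROM pg_tables
              WHERE schemaname = 'public'
    LOOP
        EXECUTE format('ALTER TABLE %I.%I OWNER TO django_app',
                       t.schemaname, t.tablename);
    END LOOP;
END
$$;

-- Remove the default grants that every role inherits through PUBLIC.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC;

-- Give back only what the application role needs.
GRANT CONNECT ON DATABASE appdb TO django_app;
GRANT USAGE, CREATE ON SCHEMA public TO django_app;

-- Audit: every role other than django_app that can still read a table.
-- Superusers (rolsuper = true) bypass privilege checks, so "postgres"
-- stays in this list no matter what was revoked above.
SELECT r.rolname,
       r.rolsuper,
       c.relname AS table_name
  FROM pg_roles r
 CROSS JOIN pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
 WHERE n.nspname = 'public'
   AND c.relkind = 'r'
   AND r.rolname <> 'django_app'
   AND has_table_privilege(r.oid, c.oid, 'SELECT')
 ORDER BY r.rolname, c.relname;
```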
