From: | "petrov(dot)boris(dot)v(at)mail(dot)ru" <petrov(dot)boris(dot)v(at)mail(dot)ru> |
---|---|
To: | PGSQL-Novice <pgsql-novice(at)postgresql(dot)org> |
Subject: | Re: Who should own database? |
Date: | 2015-02-10 18:45:05 |
Message-ID: | 54DA51B1.5000506@mail.ru |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
On 10.02.2015 18:34, Daniel Staal wrote:
> boris_developer be the owner, as php_script sounds like a web interface,
> and it's usually best not to give web interfaces any permission they don't
> absolutely *need*
You kind of confirming the way I am doing it most of the time. Web is
limited to minimum permissions it particularly uses and the owner is
human user.
> Or the owner should be a specific account set up just to be the owner
That option also come to mind, and seems logical.
Thank you for considerations.
On 10.02.2015 18:55, David G Johnston wrote:
> Maybe a bit of over engineering initially but it's worth considering.
> Slightly simpler is to make the owner role a login role. In either
> case client application users should never be able to get owner
> permissions.
Making LOGIN-less group-role an owner looks complicated to me at least
for now (not even sure I get it completely), but definitely worth
considering. Thank you for sharing.
From | Date | Subject | |
---|---|---|---|
Next Message | Marcel Ruff | 2015-02-11 08:02:40 | Re: How to get some table entries from backup instance back to production instance |
Previous Message | David G Johnston | 2015-02-10 15:55:35 | Re: Who should own database? |