aerie icon indicating copy to clipboard operation
aerie copied to clipboard
verified publisher icon NASA-AMMOS

Revisit Postgres DB user permissions, roles and groups

Open dandelany opened this issue 1 year ago • 1 comments

Background

Per discussion with @Mythicaeda - our Postgres DB service doesn't really have proper user role/group access permissions. Currently each user or service that accesses the DB is given a role that is just their username. We'd like to be more intentional about these roles & groups to adhere to the principle of least privilege and to make future changes easier.

Requirements

  • Discuss & decide on the correct set of roles/groups to use for DB users & services which connect to the DB, & what permissions each role should have
  • Implement new roles/groups in the DB
  • Create a migration and/or script for users to migrate to the new DB structure/roles when they upgrade

dandelany avatar Oct 03 '24 20:10 dandelany

Additionally, at the same time as we square away this ticket for the merlin, sequencing, scheduling, and gateway users, we need to decide what to do for the action server, which is currently sharing a user with sequencing

Mythicaeda avatar Mar 12 '25 23:03 Mythicaeda