On Tue, Jul 07, 2015 at 06:57:45AM -0500, John McKown wrote:
> >>> >at a bare minimum, a database administrator needs to create database
> >>> >roles (users) and databases for an app like yours.
> >>>
> >> The admin don't need to create the db. It is done by the application
> >> (sqlalchemy-utils on Python3) itself.
> >>
> >
> > an application should not have the privileges to do that. you don't run
> > your apps as 'root', do you? why would you run them as a database
> > administrator ?
>
>
> Trigger Warning (Thanks, Mallard Fillmore)
>
> I agree with you on this. If I were a customer and some vendor said: "Oh
> yes, to run our product, you must configure your multi-user data base to
> disable passwords and run it as a DBA so that it can make schema changes on
> the fly", then I'd simply say "no sale". Of course, in regards to the
> schema, it would be proper to document what the DBA needs to do to set up
> the data base with the proper tables and other items.
In fact, an app might have an option to emit a script for
the DBA to run. Or even offer to run it for the DBA given
proper credentials are provided on the spot.
Yes, that's even better. Documentation to say what to do and why, and a way to generate a script which the DBA can review, approve, & run is an excellent way to do this.
Karsten Hilbert
Schrodinger's backup: The condition of any backup is unknown until a restore is attempted.
Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.
He's about as useful as a wax frying pan.
10 to the 12th power microphones = 1 Megaphone
Maranatha! <><
John McKown
10 to the 12th power microphones = 1 Megaphone
Maranatha! <><
John McKown
