Re: [Rails] How can I separate the db DBA user and the db app user

Ruby on Rails Tuesday, December 31, 2013

On Dec 30, 2013, at 5:26 PM, Marc Munro wrote:

> How can I separate the database DBA user and app access user in rails? The app user will be able to run the app but perform no DDL. The DBA user will be used for migrations.

In your database.yml file, specify the DBA credentials in the development environment, and the "normal user" credentials in the production environment. Either don't run migrations on the production server, and use a different technique to update the schema there once you have settled on your DB structure, or change the password in the yml file to the DBA for installation/upgrades, and return it to "normal" once you have things working in production.

Walter

>
> I do not want the user that runs the rails app to be able to create, drop or modify database objects. This type of user access-rights separation is a pretty minimal best practice and I am concerned that this does not seem to be the norm in the rails world. What am I missing?
>
> My current thinking is that I should create 2 stanzas per database in the database.yml file. One for the dba user and one for the normal app user. Does anyone have any better suggestions?
>
> __
> Marc
>
>
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/add2b834-6dd6-4cfd-b99f-a8eeab5bdcd2%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/6A40891C-CB5C-49A4-BA29-B9AAD298DA7B%40wdstudio.com.
For more options, visit https://groups.google.com/groups/opt_out.

Posted by Ruby on Rails at 11:01 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)