Revisit Postgres DB user permissions, roles and groups

Question

Revisit Postgres DB user permissions, roles and groups

Opened this issue 3 months ago · 0 comments

Background

Per discussion with @Mythicaeda - our Postgres DB service doesn't really have proper user role/group access permissions. Currently each user or service that accesses the DB is given a role that is just their username. We'd like to be more intentional about these roles & groups to adhere to the principle of least privilege and to make future changes easier.

Requirements

Discuss & decide on the correct set of roles/groups to use for DB users & services which connect to the DB, & what permissions each role should have
Implement new roles/groups in the DB
Create a migration and/or script for users to migrate to the new DB structure/roles when they upgrade