On Wed, Jul 8, 2015 at 3:55 AM, Karsten Hilbert <karsten.hilb...@gmx.net> wrote:
> On Tue, Jul 07, 2015 at 06:57:45AM -0500, John McKown wrote: > > > >>> >at a bare minimum, a database administrator needs to create database > > >>> >roles (users) and databases for an app like yours. > > >>> > > >> The admin don't need to create the db. It is done by the application > > >> (sqlalchemy-utils on Python3) itself. > > >> > > > > > > an application should not have the privileges to do that. you don't > run > > > your apps as 'root', do you? why would you run them as a database > > > administrator ? > > > > > > Trigger Warning (Thanks, Mallard Fillmore) > > > > I agree with you on this. If I were a customer and some vendor said: "Oh > > yes, to run our product, you must configure your multi-user data base to > > disable passwords and run it as a DBA so that it can make schema changes > on > > the fly", then I'd simply say "no sale". Of course, in regards to the > > schema, it would be proper to document what the DBA needs to do to set up > > the data base with the proper tables and other items. > > In fact, an app might have an option to emit a script for > the DBA to run. Or even offer to run it for the DBA given > proper credentials are provided on the spot. > Yes, that's even better. Documentation to say what to do and why, and a way to generate a script which the DBA can review, approve, & run is an excellent way to do this. > > Karsten Hilbert > > -- Schrodinger's backup: The condition of any backup is unknown until a restore is attempted. Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be. He's about as useful as a wax frying pan. 10 to the 12th power microphones = 1 Megaphone Maranatha! <>< John McKown