Per discussion with @Mythicaeda - our Postgres DB service doesn't really have proper user role/group access permissions. Currently each user or service that accesses the DB is given a role that is just their username. We'd like to be more intentional about these roles & groups to adhere to the principle of least privilege and to make future changes easier.
Requirements
Discuss & decide on the correct set of roles/groups to use for DB users & services which connect to the DB, & what permissions each role should have
Implement new roles/groups in the DB
Create a migration and/or script for users to migrate to the new DB structure/roles when they upgrade
Background
Per discussion with @Mythicaeda - our Postgres DB service doesn't really have proper user role/group access permissions. Currently each user or service that accesses the DB is given a role that is just their username. We'd like to be more intentional about these roles & groups to adhere to the principle of least privilege and to make future changes easier.
Requirements