search

Squarespace / pgbedrock

Manage a Postgres cluster's roles, role memberships, schema ownership, and privileges
https://pgbedrock.readthedocs.io/en/latest/
Other
313 stars 35 forks source link

Exclude tables from access #17

Open cpdean opened 6 years ago

cpdean commented 6 years ago

Say we had a schema, the_data with three tables, a, b, and c. We have some users that have read/write access to all the tables in the_data, but after a while we decide that we do not like table b so we'd like to deprecate it by first restricting access to it for a while and then dropping the table properly later.

I'm open to other suggestions like "how about you just move table b to an off-limits schema", but I wanted to discuss if this is a pattern that's useful and if so what would that look like in the spec def?

zcmarine commented 6 years ago

@cboline's suggestion is that we have a list of objects that pgbedrock will just ignore, so that's one possibility.

cpdean commented 6 years ago

ohh that's a good call. then we don't have to check weird interactions, we can just mark stuff to be ignored and manually manage it out of band from the spec.

cpdean commented 6 years ago

yeah i guess we either rename this or open a new ticket for that feature request