endlessm / azafea

Service to track device activations and usage metrics
Mozilla Public License 2.0

Enable row-level security #70

Closed bochecha closed 4 years ago

bochecha commented 4 years ago

This will allow setting things up on the PostgreSQL side so that most accounts can only view the user data for the deployments they are responsible for.

For example, the people at Endless Solutions with access to the database will only see data for Solutions machines, not for all other users.

The actual security policies will be created and maintained in the deployment configuration in Terraform, because the azafea user (owning the database) doesn't have the permissions to do those.
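As an added illustration, not code from this PR or from azafea itself, this is the kind of PostgreSQL setup the description refers to, run by an administrative role (e.g. fed to psql from Terraform) rather than by the azafea user; the table, column and reader role names are assumptions, only the `azafea` role comes from the description above.

```sql
-- Added example, not azafea's own code: a minimal row-level security setup
-- of the kind described above, run by an administrative role (e.g. fed to
-- psql from Terraform), not by the azafea user that owns the tables.
-- Table, column and reader role names are assumptions; azafea's schema is
-- not shown on this page.

-- Hypothetical events table: every row is tagged with the deployment it
-- came from, which is the attribute the policies filter on.
CREATE TABLE IF NOT EXISTS metrics_event (
    id          bigserial PRIMARY KEY,
    deployment  text  NOT NULL,   -- e.g. 'solutions'
    payload     jsonb NOT NULL
);

-- A read-only login role for the Endless Solutions people.
CREATE ROLE solutions_reader LOGIN;
GRANT SELECT ON metrics_event TO solutions_reader;

-- Enable RLS. FORCE also applies the policies to the table owner; without it
-- the owner (the azafea user) sees every row regardless of any policy.
ALTER TABLE metrics_event ENABLE ROW LEVEL SECURITY;
ALTER TABLE metrics_event FORCE ROW LEVEL SECURITY;

-- Readers only get rows from their own deployment. With RLS enabled and no
-- matching policy, a role sees nothing, so access is fail-closed by default.
CREATE POLICY solutions_scope ON metrics_event
    FOR SELECT
    TO solutions_reader
    USING (deployment = 'solutions');

-- The ingesting application still needs to read and write every row.
CREATE POLICY ingest_all ON metrics_event
    TO azafea
    USING (true)
    WITH CHECK (true);

-- Checks: the policies are listed, and the owner is not exempt. Note that
-- superusers and roles created WITH BYPASSRLS ignore policies entirely.
SELECT policyname, roles, qual
  FROM pg_policies
 WHERE tablename = 'metrics_event';
SELECT relrowsecurity, relforcerowsecurity
  FROM pg_class
 WHERE relname = 'metrics_event';
```

Because these statements create roles and policies on tables the azafea user does not control, they belong to the deployment configuration, which is the reason given above for keeping them in Terraform rather than in an Alembic migration.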

bochecha commented 4 years ago

I'm not familiar with alembic, but this all looks fine to me. Where do the revisions come from?

They all come from Azafea, each event processor comes with its own migrations:

However, this won't be needed, @adarnimrod is enabling the row-level security in Terraform instead.

bochecha commented 4 years ago

Confirmed with @adarnimrod that we're going a different way to deploy row-level security.

adarnimrod commented 4 years ago

We can drop this PR, I handled it in Terraform using psql and local-exec.