Closed bochecha closed 4 years ago
I'm not familiar with alembic, but this all looks fine to me. Where do the revisions come from?
They all come from Azafea, each event processor comes with its own migrations:
However, this won't be needed, @adarnimrod is enabling the row-level security in Terraform instead.
Confirmed with @adarnimrod that we're going a different way to deploy row-level security.
We can drop this PR, I handled it in Terraform using psql
and local-exec
.
This will allow setting things up on the PostgreSQL side so that most accounts can only view the user data for the deployments they are responsible for.
For example, the people at Endless Solutions with access to the database will only see data for Solutions machines, not for all other users.
The actual security policies will be created and maintained in the deployment configuration in Terraform, because the azafea user (owning the database) doesn't have the permissions to do those.