Issue 11680

Set up proper DB accounts in all profiles

11680
Reporter: trobertson
Type: Task
Summary: Set up proper DB accounts in all profiles
Priority: Critical
Resolution: Fixed
Status: Closed
Created: 2012-08-17 11:31:56.905
Updated: 2013-12-16 17:51:03.283
Resolved: 2013-12-11 14:23:23.755
        
Description: We have been very lazy with permissions, often using root permission accounts for DBs.

The registry web application requires read and write access, but should not have permission to truncate, drop tables etc.  These have potential for human error for things like Liquibase to accidentally drop a real database.

This Jira requires going through the entire DB credentials in all modules of the registry, determining what accounts privileges should be made, making that happen, modifying Jenkins, letting DEVs know the final accounts, and adding a summary of the permissions to the readme.]]>
    


Author: kbraak@gbif.org
Created: 2013-12-11 14:23:23.826
Updated: 2013-12-11 14:23:23.826
        
A summary of the permissions (roles) for each database on each server has been added to a Confluence. Since this issue has been reported, we have gotten much better at using the appropriate user role (for example during testing) to limit accidents from occurring. A new security layer has also been added to Registry2, along with specific roles for a registry admin and editor, separate from the (Drupal) administrator.

Closing issue.