Description
Summary
My initial experimentation with grahile-migrate has had me run into a few issues with permissions (for example, see the discussion in #214 ). More specifically:
- I'm having trouble running
CREATE EXTENSIONstatements because they sometimes require superuser access. - graphile-migrate uses the
DATABASE_URLcredentials to apply migrations. However, the documentation explicitly uses another user thanROOT_DATABASE_URLfor this connection calledappuser. However, I do not want my application user to runCREATE TABLE/DROP TABLEetc..
So far, this has led to me creating a "special" graphile_migrate user with permissions to apply changes. However, given the constant permission issues, this user is essentially becoming another superuser to secure. Therefore, I'm thinking of just switching DATABASE_URL to use the same admin user as ROOT_DATABASE_URL instead.
My question is why DATABASE_URL is documented to use an appuser rather than root/postgres? Are there specific reasons graphile-migrate requires multiple users or security concerns with using the root/postgres user?