Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Support DBforPostgreSQL FlexibleServersDatabase to configure owner or user with permission to the database #4333

Open
Paul-B98 opened this issue Oct 10, 2024 · 4 comments
Open

Feature: Support DBforPostgreSQL FlexibleServersDatabase to configure owner or user with permission to the database #4333

Paul-B98 opened this issue Oct 10, 2024 · 4 comments
Labels
new-feature
Milestone
v2.12.0

Comments

@Paul-B98
Copy link

Paul-B98 commented Oct 10, 2024
edited
Loading

It would be helpful if the owner (user) of a FlexibleServersDatabase (PostgreSQL) could be specified. Additionally, it would be also helpful if additional users with can be specified with permissions to access the database.
@theunrepentantgeek
Copy link
Member

Is this not already handled by User?

@theunrepentantgeek theunrepentantgeek added waiting-on-user-response Waiting on more information from the original user before progressing. and removed needs-triage 🔍 labels Oct 14, 2024
@Paul-B98
Copy link
Author

To my understanding you can create a database with RoleOptionsSpec by providing the createDb: true field. But I haven’t found an option to specify an owner or users who should have access to the database when creating a database with the FlexibleServersDatabase template.

Please correct me if I’m wrong but to my understanding the owner in the FlexibleServersDatabase template relates to the FlexibleServer itself.

@matthchr
Copy link
Member

I think you may be misunderstanding what the createDb option of RoleOptionsSpec is about. That section of the User is about what permissions the User has. So setting createDb means that the user you're creating will have the permission to create databases.

It doesn't actually create any databases. It just grants the perms for that user to do so.

You're correct that the owner of a FlexibleServersDatabase is the FlexibleServer. Not sure if you've read our article on ownership, but that describes what this "ownership" is about. It's not about what users are owners or permissions - it's about where (into which FlexibleServer) the database is being provisoned.

With all of the above said, I think your point is that we are lacking the ability to set permissions per database on the existing User object. Looking here, the line I think we don't support is:

GRANT ALL PRIVILEGES ON DATABASE TO <db_user>;

Is that what you're saying?

@Paul-B98
Copy link
Author

Thank you for the clarification. The summary of my request is correct. In addition, it would be nice to achieve this behaviour for multiple users.

@matthchr matthchr removed the waiting-on-user-response Waiting on more information from the original user before progressing. label Nov 4, 2024
@matthchr matthchr added this to the v2.12.0 milestone Nov 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new-feature
Projects
Azure Service Operator Roadmap
Status: Backlog
Milestone
v2.12.0
Development

No branches or pull requests
3 participants
@theunrepentantgeek @matthchr @Paul-B98