Re: Restricting database permissions

On Mon, Sep 7, 2009 at 10:09 AM, Thomas Guettler wrote: > > I can speak only for postgres. > > We create the database with a special admin-account and > the owner if the db is the admin-account. Then we grant > insert, update, delete permissions to the django-db-user. > > We

Re: Restricting database permissions

Hi Thomas, Thank you for your suggestion. The modified manage.py sounds like a very good place for me to start. Best regards, Sean On Mon, 2009-09-07 at 16:09 +0200, Thomas Guettler wrote: > I can speak only for postgres. > > We create the database with a special admin-account and > the

Re: Restricting database permissions

I can speak only for postgres. We create the database with a special admin-account and the owner if the db is the admin-account. Then we grant insert, update, delete permissions to the django-db-user. We have a modified manage.py which let syncdb run with the admin-account (interactive password

Restricting database permissions

Hi All, I am currently working on a front end to pam-mysql and nss-mysql to allow the creation of linux user accounts through the web. I need to separate out permissions so that Django can read some columns and not others, for instance it should have no access to the password column. I

Re: database permissions

On 08-Aug-07, at 10:13 PM, James Bennett wrote: >> constructing the SQL. With Django, it is building the SQL for me. > > Your best bet is to thoroughly read the documentation on the ORM; once > your tables are created (it can create them for you, but you don't > have to let it do that --

Re: database permissions

On Aug 8, 9:49 am, Stephen Bunn <[EMAIL PROTECTED]> wrote: > I know it obviously needs to be able to execute SELECT, UPDATE, and > INSERT statements, but what about ALTER? SHOW? does it need to create > views? create indexes? what about locking tables and creating temporary > tables? The true

Re: database permissions

On 8/8/07, Stephen Bunn <[EMAIL PROTECTED]> wrote: > Understandable. But for somebody new to an ORM type model (like me) > things might not be so clear. If I am writing a PHP or Perl > application, I know exactly what permission it needs because I am > constructing the SQL. With Django, it is

Re: database permissions

Steve, SB> Perhaps I am wrong, or just going about this the wrong way, but I have SB> been looking the Django documentation and asking around in #django and SB> nobody can (or do not want to) give me a straight answer and the minimum SB> database permissions Django needs to opera

Re: database permissions

Kenneth Gonsalves wrote: > > > you have to divide the tasks into those that you want to do through > django and those that you want to do outside django - django needs > permissions to do the first set. I dont think one can be clearer than > that. > Understandable. But for somebody new

Re: database permissions

You need certain permissions to setup the superuser account, although I don't know which, only Select,Update and Insert are not enough for setup the superuser account. On 8/8/07, Kenneth Gonsalves <[EMAIL PROTECTED]> wrote: > > > > On 08-Aug-07, at 7:19 PM, Stephen Bunn wrote: > > > therein lies

Re: database permissions

On 08-Aug-07, at 7:19 PM, Stephen Bunn wrote: > therein lies the problem. What is 'everything' that Django > requires to > be done? > > I know it obviously needs to be able to execute SELECT, UPDATE, and > INSERT statements, but what about ALTER? SHOW? does it need to create > views? create

Re: database permissions

Kenneth Gonsalves wrote: > > On 08-Aug-07, at 6:51 PM, Stephen Bunn wrote: > > use whatever permissions you are happy with. As long as the user > under which django accesses the database, can do everything django > requires to be done, it's fine. I dont think this is any different > from

Re: database permissions

On 08-Aug-07, at 6:51 PM, Stephen Bunn wrote: > Is there any documentation anywhere that describes setting up correct > database permissions for use with Django. use whatever permissions you are happy with. As long as the user under which django accesses the database, can do ever

database permissions

Perhaps I am wrong, or just going about this the wrong way, but I have been looking the Django documentation and asking around in #django and nobody can (or do not want to) give me a straight answer and the minimum database permissions Django needs to operate. So I am assuming that everybody