Well, in our case I had some potential security issues about this, especially as it relates to a custom audit procedure which was put in place in a separate schema, which DHIS2 has insert privileges for, but which it has no SELECT privileges for. I may have been overly paranoid about the segregation of the users.
It would seem the best bet would be as you say, to have the DHIS2 DB user to be the owner of the DB itself. Assuming the hibernate.properties file is secured, I guess storing the password in clear text is not a huge issue, but it still makes me a bit uncomfortable. On Wed, Mar 2, 2011 at 6:00 PM, ola testuser <727...@bugs.launchpad.net> wrote: > I always set the 'dhis database user' (the user in hibernate.properties) to > be the owner of the database. > > Any potential problems with that approach? > > ---------------------------------- > Ola Hodne Titlestad (Mr) > HISP > Department of Informatics > University of Oslo > > Mobile: +47 48069736 > Home address: Vetlandsvn. 95B, 0685 Oslo, Norway. Googlemaps > link<http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=Vetlandsvn.+95B,+0685+Oslo,+Norway> > > > On 2 March 2011 16:48, jason.p.pickering <727...@bugs.launchpad.net> wrote: > >> I suspect what is happening is the following. >> >> New tables are created and columns perhaps added to table, but >> permissions are not set explicitly for the DHIS2 user, so these >> operations may fail somewhere during the process. This is not a >> problem when the DB owner is the same as the DHIS2 database user. >> However, when the DB owner and DHIS2 database user are different, new >> tables are created, but DHIS2 does not have any permissions to operate >> on those tables. >> ... >> Not sure about this one >> >> >> On Wed, Mar 2, 2011 at 4:40 PM, jason.p.pickering >> <727...@bugs.launchpad.net> wrote: >> > These types of errors seem to result from incorrect permission settings >> > on the DB for the user which DHIS2 connects to the DB with. >> > >> > ** Changed in: dhis2 >> > Status: New => Invalid >> > >> > -- >> > You received this bug notification because you are a direct subscriber >> > of the bug. >> > https://bugs.launchpad.net/bugs/727779 >> > >> > Title: >> > startup-routines-fail-when-database-user-permissions-are-not-set >> > >> > Status in DHIS 2 - District Health Information Software: >> > Invalid >> > >> > Bug description: >> > * INFO 13:33:49,514 System property dhis2.home not set >> > (DefaultLocationManager.java [Thread-2]) >> > * INFO 13:33:49,520 Environment variable DHIS2_HOME points to >> > /etc/dhis2/ghain/ (DefaultLocationManager.java [Thread-2]) >> > * INFO 13:35:37,796 Executing startup routine [1 of 12, runlevel 1]: >> > TableAlteror (DefaultStartupRoutineExecutor.java [Thread-2]) >> > * INFO 13:35:42,926 Tables updated (TableAlteror.java [Thread-2]) >> > * INFO 13:35:42,971 Executing startup routine [2 of 12, runlevel 2]: >> > PeriodTypePopulator (DefaultStartupRoutineExecutor.java [Thread-2]) >> > * INFO 13:35:43,171 Executing startup routine [3 of 12, runlevel 3]: >> > TableCreator (DefaultStartupRoutineExecutor.java [Thread-2]) >> > * INFO 13:35:43,311 Table aggregateddatavalue exists >> > (TableCreator.java [Thread-2]) >> > * INFO 13:35:43,326 Table aggregatedindicatorvalue exists >> > (TableCreator.java [Thread-2]) >> > * INFO 13:35:43,345 Index crosstab exists on table datavalue >> > (TableCreator.java [Thread-2]) >> > * INFO 13:35:43,349 Table aggregateddatasetcompleteness exists >> > (TableCreator.java [Thread-2]) >> > * INFO 13:35:43,354 Table datavaluearchive exists (TableCreator.java >> > [Thread-2]) >> > * INFO 13:35:43,358 Table patientdatavaluearchive exists >> > (TableCreator.java [Thread-2]) >> > * INFO 13:35:43,359 Executing startup routine [4 of 12, runlevel 3]: >> > DataElementDefaultDimensionPopulator >> > (DefaultStartupRoutineExecutor.java [Thread-2]) >> > * INFO 13:35:43,431 Linked default category with default concept >> > (DataElementDefaultDimensionPopulator.java [Thread-2]) >> > * INFO 13:35:46,037 Executing startup routine [5 of 12, runlevel 3]: >> > MultiDimensionExpressionUpgrader (DefaultStartupRoutineExecutor.java >> > [Thread-2]) >> > * WARN 13:35:46,078 SQL Error: 0, SQLState: 42703 >> > (JDBCExceptionReporter.java [Thread-2]) >> > * ERROR 13:35:46,079 ERROR: column dataelemen1_.uuid does not exist >> > Position: 166 (JDBCExceptionReporter.java [Thread-2]) >> > >> > To unsubscribe from this bug, go to: >> > https://bugs.launchpad.net/dhis2/+bug/727779/+subscribe >> > >> >> >> -- >> Jason P. Pickering >> email: jason.p.picker...@gmail.com >> tel:+260974901293 >> >> -- >> You received this bug notification because you are a member of DHIS 2 >> coordinators, which is the registrant for DHIS. >> https://bugs.launchpad.net/bugs/727779 >> >> Title: >> startup-routines-fail-when-database-user-permissions-are-not-set >> >> Status in DHIS 2 - District Health Information Software: >> Invalid >> >> Bug description: >> * INFO 13:33:49,514 System property dhis2.home not set >> (DefaultLocationManager.java [Thread-2]) >> * INFO 13:33:49,520 Environment variable DHIS2_HOME points to >> /etc/dhis2/ghain/ (DefaultLocationManager.java [Thread-2]) >> * INFO 13:35:37,796 Executing startup routine [1 of 12, runlevel 1]: >> TableAlteror (DefaultStartupRoutineExecutor.java [Thread-2]) >> * INFO 13:35:42,926 Tables updated (TableAlteror.java [Thread-2]) >> * INFO 13:35:42,971 Executing startup routine [2 of 12, runlevel 2]: >> PeriodTypePopulator (DefaultStartupRoutineExecutor.java [Thread-2]) >> * INFO 13:35:43,171 Executing startup routine [3 of 12, runlevel 3]: >> TableCreator (DefaultStartupRoutineExecutor.java [Thread-2]) >> * INFO 13:35:43,311 Table aggregateddatavalue exists >> (TableCreator.java [Thread-2]) >> * INFO 13:35:43,326 Table aggregatedindicatorvalue exists >> (TableCreator.java [Thread-2]) >> * INFO 13:35:43,345 Index crosstab exists on table datavalue >> (TableCreator.java [Thread-2]) >> * INFO 13:35:43,349 Table aggregateddatasetcompleteness exists >> (TableCreator.java [Thread-2]) >> * INFO 13:35:43,354 Table datavaluearchive exists (TableCreator.java >> [Thread-2]) >> * INFO 13:35:43,358 Table patientdatavaluearchive exists >> (TableCreator.java [Thread-2]) >> * INFO 13:35:43,359 Executing startup routine [4 of 12, runlevel 3]: >> DataElementDefaultDimensionPopulator >> (DefaultStartupRoutineExecutor.java [Thread-2]) >> * INFO 13:35:43,431 Linked default category with default concept >> (DataElementDefaultDimensionPopulator.java [Thread-2]) >> * INFO 13:35:46,037 Executing startup routine [5 of 12, runlevel 3]: >> MultiDimensionExpressionUpgrader (DefaultStartupRoutineExecutor.java >> [Thread-2]) >> * WARN 13:35:46,078 SQL Error: 0, SQLState: 42703 >> (JDBCExceptionReporter.java [Thread-2]) >> * ERROR 13:35:46,079 ERROR: column dataelemen1_.uuid does not exist >> Position: 166 (JDBCExceptionReporter.java [Thread-2]) >> > > -- > You received this bug notification because you are a member of DHIS 2 > developers, which is subscribed to DHIS. > https://bugs.launchpad.net/bugs/727779 > > Title: > startup-routines-fail-when-database-user-permissions-are-not-set > > Status in DHIS 2 - District Health Information Software: > Invalid > > Bug description: > * INFO 13:33:49,514 System property dhis2.home not set > (DefaultLocationManager.java [Thread-2]) > * INFO 13:33:49,520 Environment variable DHIS2_HOME points to > /etc/dhis2/ghain/ (DefaultLocationManager.java [Thread-2]) > * INFO 13:35:37,796 Executing startup routine [1 of 12, runlevel 1]: > TableAlteror (DefaultStartupRoutineExecutor.java [Thread-2]) > * INFO 13:35:42,926 Tables updated (TableAlteror.java [Thread-2]) > * INFO 13:35:42,971 Executing startup routine [2 of 12, runlevel 2]: > PeriodTypePopulator (DefaultStartupRoutineExecutor.java [Thread-2]) > * INFO 13:35:43,171 Executing startup routine [3 of 12, runlevel 3]: > TableCreator (DefaultStartupRoutineExecutor.java [Thread-2]) > * INFO 13:35:43,311 Table aggregateddatavalue exists > (TableCreator.java [Thread-2]) > * INFO 13:35:43,326 Table aggregatedindicatorvalue exists > (TableCreator.java [Thread-2]) > * INFO 13:35:43,345 Index crosstab exists on table datavalue > (TableCreator.java [Thread-2]) > * INFO 13:35:43,349 Table aggregateddatasetcompleteness exists > (TableCreator.java [Thread-2]) > * INFO 13:35:43,354 Table datavaluearchive exists (TableCreator.java > [Thread-2]) > * INFO 13:35:43,358 Table patientdatavaluearchive exists > (TableCreator.java [Thread-2]) > * INFO 13:35:43,359 Executing startup routine [4 of 12, runlevel 3]: > DataElementDefaultDimensionPopulator > (DefaultStartupRoutineExecutor.java [Thread-2]) > * INFO 13:35:43,431 Linked default category with default concept > (DataElementDefaultDimensionPopulator.java [Thread-2]) > * INFO 13:35:46,037 Executing startup routine [5 of 12, runlevel 3]: > MultiDimensionExpressionUpgrader (DefaultStartupRoutineExecutor.java > [Thread-2]) > * WARN 13:35:46,078 SQL Error: 0, SQLState: 42703 > (JDBCExceptionReporter.java [Thread-2]) > * ERROR 13:35:46,079 ERROR: column dataelemen1_.uuid does not exist > Position: 166 (JDBCExceptionReporter.java [Thread-2]) > > _______________________________________________ > Mailing list: https://launchpad.net/~dhis2-devs > Post to : dhis2-devs@lists.launchpad.net > Unsubscribe : https://launchpad.net/~dhis2-devs > More help : https://help.launchpad.net/ListHelp > -- Jason P. Pickering email: jason.p.picker...@gmail.com tel:+260974901293 _______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
