ocket8888 commented on code in PR #6802:
URL: https://github.com/apache/trafficcontrol/pull/6802#discussion_r878542335

##########
traffic_ops/app/db/create_tables.sql:
##########
@@ -143,6 +143,42 @@ LANGUAGE plpgsql;

Review Comment:

`PARAMETER-SECURE:READ` is specifically being added in a migration to any users with the same "PrivLevel" as "admin" (has by default). It's not appropriate to include data in the schema creation, and it's not appropriate to modify a system that may be using the Permissions security system instead of PrivLevel by granting users a Permission they didn't have before seeding; seeding should only add data not update it. The only place it makes sense to me to be granting that Permission is in a migration.

"admin" is intentionally only given the `ALL` Permission in `seeds.sql` because it always has all Permissions, regardless of any introduced or removed in the future. System administrators are meant to have to manually assign new Permissions to their users, so if they are doing a new install, it's correct for "admin" to not have the Permission because it only has "ALL". If they're updating, then they would have had to run the now-squashed migration, so any user that needs it will have it, including "admin".

tl;dr - I don't think it's a bug that `admin` is missing those Permissions.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
