On 02/22/2011 03:10 PM, Maurits van Rees wrote: > Hi, > > Normally RelStorage creates the database tables for you and the user you > have specified is the owner of those tables. For security reasons a > client does not want this, but wants a different user to own the tables > and instead only grant some permissions to the relstorage user. I guess > theoretically there could be a bug in the relstorage code that could > lead to more problems when the relstorage user has full rights to those > tables. I am not losing any sleep over fears like that though. :-) > > But putting aside a potentially distracting discussion about whether > this extra security is needed: which permissions does relstorage really > need? Select, update, insert and delete are obvious. I have seen that > packing also needs the truncate permission. Everything seems to work > with this combination. > > But for that extra bit peace of mind: am I overlooking a permission?
Well, this is why transactions are really nice. If you overlooked anything, it is very likely that some transaction will be aborted normally and you'll get a nice traceback that narrows the problem quickly. So I think you'll be fine. :-) Shane _______________________________________________ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org https://mail.zope.org/mailman/listinfo/zodb-dev
