Normally RelStorage creates the database tables for you and the user you
have specified is the owner of those tables. For security reasons a
client does not want this, but wants a different user to own the tables
and instead only grant some permissions to the relstorage user. I guess
theoretically there could be a bug in the relstorage code that could
lead to more problems when the relstorage user has full rights to those
tables. I am not losing any sleep over fears like that though. :-)
But putting aside a potentially distracting discussion about whether
this extra security is needed: which permissions does relstorage really
need? Select, update, insert and delete are obvious. I have seen that
packing also needs the truncate permission. Everything seems to work
with this combination.
But for that extra bit peace of mind: am I overlooking a permission?
This is on postgres btw.
Maurits van Rees
Web App Programmer at Zest Software: http://zestsoftware.nl
Personal website: http://maurits.vanrees.org/
For more information about ZODB, see the ZODB Wiki:
ZODB-Dev mailing list - ZODB-Dev@zope.org