Normally RelStorage creates the database tables for you and the user you 
have specified is the owner of those tables.  For security reasons a 
client does not want this, but wants a different user to own the tables 
and instead only grant some permissions to the relstorage user.  I guess 
theoretically there could be a bug in the relstorage code that could 
lead to more problems when the relstorage user has full rights to those 
tables.  I am not losing any sleep over fears like that though. :-)

But putting aside a potentially distracting discussion about whether 
this extra security is needed: which permissions does relstorage really 
need?  Select, update, insert and delete are obvious.  I have seen that 
packing also needs the truncate permission.  Everything seems to work 
with this combination.

But for that extra bit of peace of mind: am I overlooking a permission?

This is on postgres btw.

Maurits van Rees
Web App Programmer at Zest Software: http://zestsoftware.nl
Personal website: http://maurits.vanrees.org/
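
Added example, not part of the original message and not RelStorage's own code: one way to set up the split described above on PostgreSQL, with a separate owner role and an application role limited to the five table privileges named in the post, followed by a query that audits the result. The role names `zodb_owner` and `relstorage_app` and the schema `public` are assumptions, and the tables are assumed to have been created already by the owner role.

```sql
-- Constructed names: zodb_owner owns the tables, relstorage_app is the
-- login RelStorage connects with. Schema "public" is an assumption.
-- Run as a superuser after zodb_owner has created the tables.

-- 1. No DDL for the application role. Before PostgreSQL 15, PUBLIC has
--    CREATE on schema public by default, so that is revoked as well
--    (this affects every role relying on the default).
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM relstorage_app;
GRANT USAGE ON SCHEMA public TO relstorage_app;

-- 2. The table privileges named in the post: the four DML privileges,
--    plus TRUNCATE, which the post reports is needed for packing.
GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE
    ON ALL TABLES IN SCHEMA public TO relstorage_app;

-- 3. Apply the same grants to tables zodb_owner creates later,
--    for example during a schema upgrade.
ALTER DEFAULT PRIVILEGES FOR ROLE zodb_owner IN SCHEMA public
    GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE
    ON TABLES TO relstorage_app;

-- 4. Audit. Lists every table where the application role is missing one
--    of the five privileges, or where it owns the table after all.
--    An empty result means the setup matches the intent.
SELECT t.tablename,
       t.tableowner,
       p.priv,
       has_table_privilege('relstorage_app',
                           format('%I.%I', t.schemaname, t.tablename),
                           p.priv) AS granted
FROM pg_tables AS t
CROSS JOIN unnest(ARRAY['SELECT', 'INSERT', 'UPDATE',
                        'DELETE', 'TRUNCATE']) AS p(priv)
WHERE t.schemaname = 'public'
  AND (t.tableowner = 'relstorage_app'
       OR NOT has_table_privilege('relstorage_app',
                                  format('%I.%I', t.schemaname, t.tablename),
                                  p.priv))
ORDER BY t.tablename, p.priv;
```

The audit covers table privileges only; privileges on other object types are outside what this example checks.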
