Which privileges should Apicurio database user have? #3501
-
|
Hi , |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Oh my - this is an old question that I never noticed. So sorry. There are two things going on here. The first is what permissions does registry need to access the PG db. The answer is it depends on whether you want registry to create the tables for you or not. Some companies have DBAs that want to vet and run any DDLs that create tables in a DB. If you do that, then you'll need this (for example): And then you just need to give the application standard table write permissions. I'm not a DBA so I don't recall offhand the technical specifics in PG of what that means, sorry. If you want the application to just install the DDL itself, then the app will need elevated PG permissions: specifically the ability to create tables in the PG database. Now, as for the other problem you report, which is the But that message usually indicates that you have enabled application-managed access controls (vs. IDP managed access). If you enable app managed access, then an authenticated user will not automatically have access to the registry - an "admin" user will need to grant access via the Registry UI. We have docs about this here: Look for the section titled |
Beta Was this translation helpful? Give feedback.
Oh my - this is an old question that I never noticed. So sorry.
There are two things going on here. The first is what permissions does registry need to access the PG db. The answer is it depends on whether you want registry to create the tables for you or not. Some companies have DBAs that want to vet and run any DDLs that create tables in a DB. If you do that, then you'll need this (for example):
https://github.com/Apicurio/apicurio-registry/blob/2.5.x/app/src/main/resources/io/apicurio/registry/storage/impl/sql/postgresql.ddl
And then you just need to give the application standard table write permissions. I'm not a DBA so I don't recall offhand the technical specifics in PG of what that…