-
Type:
Task
-
Status: Done (View Workflow)
-
Priority:
Normal
-
Resolution: Done
-
Component/s: None
-
Labels:
-
Story Points:1
-
Sprint:EngRun3Cleanup
We currently use the pfs role for all connections to the opdb and archiver databases, and that role has infinite power (it has the superuser bit). We should be more careful, if only to avoid doom-typos. How about three roles:
| Name | Permissions | Note |
|---|---|---|
| public | select | For querying and browsing |
| pfs | select,insert | For the ICS and DRP programs, mainly |
| admin | all | Obvious |