Skip to content

Draft: script to create public haf user

Marcin requested to merge mi_public_haf_user into develop

Introduce new script to create a haf application user (a PostgreSQL role) with limited privileges using the 'query_supervisor' plugin. The script revokes the CREATE privilege from public user for all available tablespaces, except for a dedicated one reserved for the public user. This restriction helps in controlling the amount of disk space utilized by the public user. Additionally, the script revokes the TEMPORARY privilege to prevent leaking disk space during a long postgres session. As a part of its execution, at start the script also drops existing objects, haf contexts, tablespace, and role of the public user, if they were created earlier - this implies that the script can be utilized periodically to clear PostgreSQL resources that are being used by the public user.

Merge request reports

Loading