Different postgres user per application#39
Conversation
|
By default, Google Cloud creates new users with the |
04b68e9 to
618f4f6
Compare
35eb33e to
963924c
Compare
7c9217a to
73ea4c5
Compare
|
I dove into this today, and it is a bit of a rabbit hole. It is not clear in the docs, but there is a massive difference between standard and IAM users. Standard users are basically superusers, but IAM users have no permissions at all. So we should instead migrate to IAM authentication with We can also phase out password authentication completely this way, as there is no need to pass around passwords with IAM. They are automagically fetched by the proxy when using the For more information, take a look here as well as the |
For security purposes, different applications should use different users in our Google Cloud postgres instance. The users should have the minimal required privileges within their database.
Before merging this PR, it should be verified that the users in the google cloud postgres instance have the correct permissions!
Tasks: