Versions Compared

Old Version 10

changes.mady.by.user Amber Williams

Saved on

compared with

New Version Current

changes.mady.by.user Amber Williams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Role-Based Privileges for Service User

Datical DB does Liquibase Enterprise does not require special privileges above and beyond what is required to create, alter, and drop the most common database object types that support your database applications. There are two common implementation patterns for configuring Datical DB configuring Liquibase Enterprise access schemes in DB2: granting privileges to the Datical Role and granting privileges to a single Datical User.

...

Granting privileges to a Datical Role is typically chosen in environments where individual team members will use unique credentials to access the database through Datical DBLiquibase Enterprise.  This simplifies the privilege management process by centralizing where GRANTS & REVOKES are performed.  The role is then assigned to the user accounts that require database access with Datical DBLiquibase Enterprise.

Granting Privileges to a

...

Dedicated Liquibase Enterprise User (Service User)

Granting privileges to a dedicated Datical User allows an organization to drastically reduce the number of individuals with access to the database password.  Because the database password is encoded in Datical DBLiquibase Enterprise, an administrator may create Datical DB create Liquibase Enterprise projects and share them with Datical DB with Liquibase Enterprise users.  The Datical DB The Liquibase Enterprise users can then perform database change tasks without having access to the database password.  We strongly recommend to use runtime credentials because it is more secure than stored credentials (due to the possibility of the stored password being decoded).

Privileges for Managed Databases

To validate and automate database deployments Datical DB deployments Liquibase Enterprise needs to be able to connect to a database and to perform routine CREATE, ALTER, & DROP statements in the appropriate schema.

...

  • Database Privileges
    • CONNECT
      • Grants the authority to access the database.
    • SQLADM
      • Grants the authority required to monitor and tune SQL statements. (Recommended for roles on the reference database to report on active connections that cause the backup and restore operations to fail).
  • Schema Privileges (use “with grant option” if user/role needs to grant permissions to other users/roles)

...