We’re a fairly large shop, and we use liquibase via maven. As we add more and more schemas, we have to add every single schema user to the settings.xml for each one of the test environments (currently ten of them), which is getting unwieldy. The settings.xml file for our main build user is almost at 4,000 lines.
So I was wondering if anyone has come up with a good way to use a single user to write to many schemas in Oracle, without giving that one user permissions for sys/system tables. Basically, a release user that is not an su.
It looks like we could use the “liquibaseSchemaName” setting to set the changelog table to still be within each schema, but it;s the authentication that I’m unsure about.
We have slightly different setup; we don’t use Oracle or settings.xml, but we do have a similar issue with superuser access and multiple schemas and maven.
For us our username/passwords are setup in a maven pom.xml which contains <db.user>liquibasedeploy</db.user> section and then a
sort of section which refers to the variables setup in the
propeties section.
In this way, we can modify the user and/or password credentials
used in our different environments by overriding the maven properties within Jenkins or from the command line with a “-Ddb.user=NEWVALUE” sort of approach, and this can be done by deployment teams without modfiying or touching the code in our .xml files. (Another way to override these is by setting some JAVA_OPTS settings I believe.)
In the same way you can override the username, you can override the
JDBC which specifies the schema your changes are being
made in without having to specify them all in your maven .xml.