Separate credentials for querying and updates

Guest · September 9, 2013, 9:00pm

Hello,

We have a very specific, security bounded, setup overhere.

A database user is only granted for inserts, selects and updates.
A second database user can do all, but is only activated when deploying a new application
Database used is Oracle

We could setup Liquibase to use the second database user and the rest of the application the first one. Problem with this approach is when the application restart liquibase is unable to verify the changelog and will continue to start the application.

What is the approach to be compliant with the above setup? The ideal situation would be that we can specify 2 credential set to liquibase, 1 to verify the change log and 1 to actually execute the changelog when required.

Thank you

Joris

nvoxland · September 9, 2013, 9:00pm

There is nothing built into liquibase currently, but there may be some options with the extension system if you do a little coding. In particular, you could create a Database implementation that overrides the default getRanChangeSetList() method. How you do that would probably depend quite a bit on your particular environment. Let me know if you need pointers to getting something like that going.

Nathan

Topic		Replies	Views
Various database users in changesets/changelog General Discussion	2	693	November 22, 2010
Issues with changelog and changeloglock tables while using different users using liquibase Liquibase Development	1	1082	December 7, 2021
Database user management with liquibase General Discussion	4	1481	April 12, 2012
Changes of two different schemas in same changelog? General Discussion	2	376	June 24, 2011
Does Liquibase log in for each changeset? General Discussion	0	344	June 4, 2012

Separate credentials for querying and updates

Related topics