You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a DevSecOps in a small startup, I'm exploring database schema management solutions to manage a couple of dozen PostgreSQL databases along with a ClickHouse cluster. Bytebase looks very promising, but one critical area we need to understand better before potentially adopting it is how it fits with managing native database permissions (GRANT/REVOKE).
We understand that Bytebase has its own sophisticated permission system with Workspace/Project roles (Admin, DBA, Developer, etc.) and custom roles, controlling who can do what within the Bytebase platform (use SQL Editor, propose/approve changes, etc.). We'd likely manage these Bytebase roles using Terraform if we proceed.
However, regardless of the schema migration tool, we still have the fundamental need to manage the underlying, native database permissions β the GRANT and REVOKE statements defining privileges for our application service accounts, reporting users, etc., directly on the Postgres and ClickHouse databases/clusters.
Our Core Question for the Community:
For those of you using Bytebase, how do you effectively manage, version, and apply these nativeGRANT/REVOKE statements alongside Bytebase's schema management workflow? Understanding this interaction is a key part of our evaluation.
Areas We're Trying to Understand:
Workflow Integration:
How do you typically integrate native permission changes (e.g., GRANT SELECT ON new_table TO app_user) with the schema changes managed through Bytebase issues?
Are GRANT/REVOKE statements commonly included in the same SQL script/issue as related DDL, managed separately, or handled by another tool entirely (perhaps Terraform alongside the Bytebase provider)? What works well?
Aligning Permissions:
How do you ensure native GRANTs required by applications are applied correctly after a related schema change is deployed via Bytebase?
Does using Bytebase's controlled workflow generally change how your organization handles native permissions for direct human access?
Managing Bytebase's Own Principal:
How do you typically manage the privileges of the database user account that Bytebase itself uses to connect and apply changes to your databases?
Version Control & Auditing:
What are common practices for version controlling native GRANT/REVOKE statements in a Bytebase environment? (e.g., SQL files in Git, Terraform, other?)
How do you review and audit these native permission changes?
Tooling & Consistency:
How do you ensure native permissions are applied consistently across environments when DDL is managed by Bytebase?
Are there specific Bytebase features (or limitations) we should be aware of regarding native permission management, especially for Postgres and ClickHouse?
We're trying to get a clear picture of the best practices and common patterns used by the community to handle native DCL alongside Bytebase's DDL capabilities. Your insights would be incredibly helpful for our evaluation process.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi Bytebase Community,
As a DevSecOps in a small startup, I'm exploring database schema management solutions to manage a couple of dozen PostgreSQL databases along with a ClickHouse cluster. Bytebase looks very promising, but one critical area we need to understand better before potentially adopting it is how it fits with managing native database permissions (
GRANT/REVOKE).We understand that Bytebase has its own sophisticated permission system with Workspace/Project roles (Admin, DBA, Developer, etc.) and custom roles, controlling who can do what within the Bytebase platform (use SQL Editor, propose/approve changes, etc.). We'd likely manage these Bytebase roles using Terraform if we proceed.
However, regardless of the schema migration tool, we still have the fundamental need to manage the underlying, native database permissions β the
GRANTandREVOKEstatements defining privileges for our application service accounts, reporting users, etc., directly on the Postgres and ClickHouse databases/clusters.Our Core Question for the Community:
For those of you using Bytebase, how do you effectively manage, version, and apply these native
GRANT/REVOKEstatements alongside Bytebase's schema management workflow? Understanding this interaction is a key part of our evaluation.Areas We're Trying to Understand:
Workflow Integration:
GRANT SELECT ON new_table TO app_user) with the schema changes managed through Bytebase issues?GRANT/REVOKEstatements commonly included in the same SQL script/issue as related DDL, managed separately, or handled by another tool entirely (perhaps Terraform alongside the Bytebase provider)? What works well?Aligning Permissions:
GRANTs required by applications are applied correctly after a related schema change is deployed via Bytebase?Managing Bytebase's Own Principal:
Version Control & Auditing:
GRANT/REVOKEstatements in a Bytebase environment? (e.g., SQL files in Git, Terraform, other?)Tooling & Consistency:
We're trying to get a clear picture of the best practices and common patterns used by the community to handle native DCL alongside Bytebase's DDL capabilities. Your insights would be incredibly helpful for our evaluation process.
Thanks in advance for sharing your experiences!
Beta Was this translation helpful? Give feedback.
All reactions