What permissions does the database user require?
I'm nearly there with my nix/oci-contaner based windmill deployment. But I'm getting:
I'm connecting with the postgres user to a database running natively on the host machine. Any thoughts on what I might need to tweak?
9 Replies
You need to run this at least once: https://github.com/windmill-labs/windmill/blob/main/init-db-as-superuser.sql
GitHub
windmill/init-db-as-superuser.sql at main · windmill-labs/windmill
Open-source developer platform to turn scripts into workflows and UIs. Open-source alternative to Airplane and Retool. - windmill-labs/windmill
those users are needed for our permissioning that is based on RLS
Ah I see - is this taken care of by the docker compose process anywhere?
I'll run it my self and see it it help 🙂
yes!
well you actually wouldn't need to run this if you are a superuser, it's run by one of the migration
so I suppose you were running the containers as a non superuser
which is somewhat fine but you then need to create those users beforehand
So I was connecting with the postgres user. I was able to run the sql file as that user, but the migrations still didn't run..
then the postgres user isn't a superadmin
docker-compose does not do anything special: https://github.com/windmill-labs/windmill/blob/main/docker-compose.yml#L4
GitHub
windmill/docker-compose.yml at main · windmill-labs/windmill
Open-source developer platform to turn scripts into workflows and UIs. Open-source alternative to Airplane and Retool. - windmill-labs/windmill
it's run as part of the migrations if your user you connect to for first time has sufficient permissions
Hmmm... This is what I get in psql from \du:
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {} |
It could be that I was using an different user when I first started the service so there may have been some partially run migrations confusing things. Next time I set it up with nix it should be obvious 🙂