Page MenuHomePhabricator

Provide access to user created databases in PAWS
Open, LowestPublic

Description

What the title says :)

We do have access to "standart" databases in PAWS, but AFAIK not to user created ones. It would be very, very nice to have access to them.

If it's already possible, then please give some example

Event Timeline

Chicocvenancio changed the task status from Open to Stalled.Feb 27 2018, 7:25 PM
Chicocvenancio triaged this task as High priority.

Indeed this is not possible at the moment. I have some idea of how to do this but I will leave this stalled until T188428 is done to prevent breaking existing use cases.

Each PAWS user does not get an individual database credential pair, so the only access that really could be given in the current setup is read-only access to public user databases. Otherwise all PAWS sessions would be able to see and modify each others databases in the toolsdb server due to the shared credential setup that is used.

Each PAWS user does not get an individual database credential pair, so the only access that really could be given in the current setup is read-only access to public user databases.

Yes, sure. I was talking about simple read-only.

Chicocvenancio lowered the priority of this task from High to Lowest.Jun 10 2018, 12:11 AM
Aklapper changed the task status from Stalled to Open.May 19 2020, 1:12 PM
Aklapper added a subscriber: Aklapper.

T188428 is done hence resetting task status from stalled to open.

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

This ultimately has the same issue as T226110

Looking back at this, there is another piece to it: When I merge in the changes to the db proxy, it may be possible to add a redirect to toolsdb as another step.

Strike my last comment. The dbproxy is now deprecated. Oops.

Strike my last comment. The dbproxy is now deprecated. Oops.

There are per-account db creds now however. I don't think it would be a good idea to grant write access to ToolsDB from PAWS, but another round of changes to maintain-dbusers could create r/o creds in ToolsDB for them. That would probably look nicer in the db and the code if those used role based grants rather than the legacy grant system used for r/w ToolsDB users. Am I missing a gotcha in that?