Database Object Permissions After Setup

Peter October 6, 2015

During initial setup of both JIRA and Confluence, the applications obviously require database accounts with the permissions to create database object.  After the setup has been completed, do these accounts continue to require these database object permissions?  Can the account permissions be reduced to select/delete/update?  This comes with the understanding that upgrades, installation of additional add-ons, or other system admin changes may require these elevated permissions temporarily.

 

The reason I am asking is that my company's security policy does not allow process accounts to have DB object permissions without an exception.

 

Specifically, I am using Oracle for both JIRA and Confluence.

1 answer

0 votes
Dave C
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 7, 2015

Any time you upgrade or install a new add-on it may make changes to the database. Typically plugins are supposed to use our Active Objects way of storing data in the database - this means they can make changes during upgrade or installation, as tables will need to be created and optionally changed during upgrade dependent on upgrade tasks.

They can be reduced after you install JIRA, however any time you go to upgrade or install a new plugin those permissions may need to be added again (it depends on how the plugin stores data in the database).

Depending on the plugin, it may or may not be able to safely recover from failed database operations during upgrade / installation. So this means that potentially if the permissions aren't available, and the plugin is installed / updated, it may corrupt the installation. This means you may need to restore an XML backup to get the data back into an expected state.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events