Hello again,
[Again, apologies if this is documented somewhere - if it is I haven't found it yet.]
I see that for production servers you recommend running Galaxy on PostgreSQL (or maybe MySQL) rather than SQLite: http://bitbucket.org/galaxy/galaxy-central/wiki/Config/ProductionServer
I'm wondering if there is any specific advice about what permissions to give the galaxy database user account beyond this:
Give Galaxy its own database user and database. Galaxy's schema could conflict with other tables in your database. Also, restrict Galaxy's database user so it only has access to its own database.
For example, I'd guess that normally (i.e. run.sh) all that Galaxy needs is to insert/delete/modify data in existing tables. On the other hand setup.sh would also need to add/drop/modify tables (particularly for creating the database and also for the database migration system).
Does it make sense to have separate PostgreSQL/MySQL accounts for an everyday "galaxy user" (which can't alter the schema, used via run.sh) and a separate "galaxy admin" (used by setup.py)?
Or, do you just recommend a single "galaxy" user in PostgreSQL/MySQL which has complete control over the Galaxy database? Simple, but less secure.
Thanks,
Peter