4. Access rights
Always use groups, execpt for exceptions.
Groups come form the SSO. You may need to create some (don’t forget to expose them in the service).
Arcanite’s rule: Use group’s projets. Create a subgroup if needed.
Abstack’s rules: There are some special groups named “DB Acceess” to set right.
You will need to set rights first for project access. Add all needed group. If external have the right to check logs, add their group as well.
On each DSN, add relevent groups in the ‘Group’ section. If query can make queries, add them as well to ‘Groups with query access’.
On the display page of a group, you can check the expended result of users who have access.