How can I separate the database DBA user and app access user in rails? The app user will be able to run the app but perform no DDL. The DBA user will be used for migrations.
I do not want the user that runs the rails app to be able to create, drop or modify database objects. This type of user access-rights separation is a pretty minimal best practice and I am concerned that this does not seem to be the norm in the rails world. What am I missing?
My current thinking is that I should create 2 stanzas per database in the database.yml file. One for the dba user and one for the normal app user. Does anyone have any better suggestions?