Running migrations with user with less privileges | NestJS | Page 1

spice owl Jul 3, 2025, 11:37 AM

#

Hello, I have a question regarding PostgreSQL user management in my application setup.

I’m working with a NestJS application that uses TypeORM and connects to a PostgreSQL database. I have two database users:

root – with full privileges

app_user – limited to SELECT, INSERT, UPDATE, and DELETE

My goal is to keep the application running at all times with app_user for security reasons. However, when I need to modify the database schema (e.g., during a migration), I currently deploy the app once using the root user to run the migration, then redeploy it with app_user.

Is there a way to avoid redeploying and instead configure the application or migration process to:

use root only for running migrations, and

use app_user for the actual application runtime?

In other words, can I run the app once, but use separate users for migrations and for normal operations?

craggy tinsel Jul 3, 2025, 12:56 PM

#

Can you run a separate migration app on demand?

spice owl Jul 3, 2025, 2:56 PM

#

for this i should copy migration based on my entites i dont think this is easyer than redeploy app with different env vars

last frost Jul 3, 2025, 5:07 PM

#

Where do you deploy? In kubernetes, there's a frature called init container that always spins up before the actual container. We have used this im the past to run migrations - essentially the same app as the main one, but it shuts down right after the migration. Then the real app with only read/write access can start

#

Other than that, I don't think this is possible with the default typeorm wrapper provided by Nest, but it's definitely possible with a custom one

#Running migrations with user with less privileges