External pg db with non-dbo user


We run GitLab with an external PostgreSQL db on a server managed by a group of dedicated DBAs. Their (valid) policy is to always operate with a least-privileged account, so we switch to a dbo account for upgrades and then switch back to a pedestrian user for normal operations.

I realize GitLab’s docs say the db user should be an owner, but I’m kinda stuck between a rock and a hard place with this. Does anyone else run as a non-owner db user? We’re running into problems with it because GitLab wants to make db changes on its own schedule. Our fabulous DBA has written scripts to handle most of it, but every time we upgrade we have new surprise errors in the db logs when GitLab tries to do something we haven’t anticipated. We upgrade non-prod first to catch such things, but some things don’t happen very often. I’m increasingly uncomfortable with the guessing game we’re playing here.

If you have a similar config/policy and have successfully gotten permission to run as the dbo user, please share your arguments. We could use some metaphorical ammunition. On the other hand, if you’ve found a subset of non-owner privileges that allow you to operate without error, please share!

Many thanks…