I’m not sure if this has been discussed before, but are there significant challenges to having one database user to run migrations (ability to CREATE and/or EDIT schema) and another user to do CRUD actions on the data itself? I understand Rails takes care of a lot of SQL injection attacks for us, but if the database user that Rails used lacked schema EDIT capability, it would be impossible for a malicious user to DROP or ADD tables. Sure, there is still a lot of danger posed by a malicious data user (DELETE FROM table), but couldn’t we limit the attack area on the database with a more powerful “migration only” user?
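
The two-user split asked about above, sketched as an added example that is not part of the original post. It assumes PostgreSQL, a database named `myapp_production` and the `public` schema; the role names `app_migrator` and `app_runtime` and the passwords are hypothetical placeholders.

```sql
-- Assumptions (not from the post): PostgreSQL, database "myapp_production",
-- schema "public". Role names and passwords are hypothetical placeholders.

-- Role used only while running migrations; it will own the tables.
CREATE ROLE app_migrator LOGIN PASSWORD 'CHANGE_ME_MIGRATOR';
-- Role the Rails application connects as at runtime; data access only.
CREATE ROLE app_runtime LOGIN PASSWORD 'CHANGE_ME_RUNTIME';

-- Strip the defaults that would let any role connect or create objects
-- (PostgreSQL before version 15 grants CREATE on "public" to PUBLIC).
REVOKE ALL ON DATABASE myapp_production FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

GRANT CONNECT ON DATABASE myapp_production TO app_migrator, app_runtime;
GRANT USAGE, CREATE ON SCHEMA public TO app_migrator;  -- may add tables
GRANT USAGE ON SCHEMA public TO app_runtime;           -- may not

-- CRUD on what already exists. TRUNCATE and REFERENCES are deliberately
-- left out; DROP and ALTER need ownership, which app_runtime never gets.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON ALL TABLES IN SCHEMA public TO app_runtime;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_runtime;

-- The same CRUD grants, applied automatically to every table and
-- sequence that app_migrator creates in later migrations.
ALTER DEFAULT PRIVILEGES FOR ROLE app_migrator IN SCHEMA public
  GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_runtime;
ALTER DEFAULT PRIVILEGES FOR ROLE app_migrator IN SCHEMA public
  GRANT USAGE, SELECT ON SEQUENCES TO app_runtime;

-- Verification 1: the runtime role must not be able to create objects.
SELECT has_schema_privilege('app_runtime', 'public', 'CREATE')
       AS runtime_can_create;  -- should be false

-- Verification 2: no table may be owned by the runtime role, otherwise
-- it could still DROP or ALTER that table. Should return zero rows.
SELECT tablename, tableowner
  FROM pg_tables
 WHERE schemaname = 'public' AND tableowner = 'app_runtime';
```

Tables that already exist under a different owner need `ALTER TABLE ... OWNER TO app_migrator` before the second check passes. On the Rails side, the application's normal database configuration uses the runtime role, and migrations run with `DATABASE_URL` pointing at the migrator role.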