Description
Eventually, we want to run MESSAGEix workflows on databases managed by ixmp4. It is unclear to me how we will handle users/authentication to them as I don't think we'll require everyone to use the API layer.
The idea for the setup is to have at least three centrally managed PostgreSQL instances: something like "Archive", "Developing", and "Scratch". "Scratch" should be used for short-term work, e.g. the nightly CI or tutorial runs. It is not particularly important who has write access there.
"Developing" is for modelling work that takes longer to complete. Colleagues will be expected to move work from there to "Archive" if they want to share it in the long run (e.g. if it supports publications). However, colleagues may need to do some serious work on the "Developing" instance and may not appreciate it if someone accidentally overwrites their Runs. Thus, we need to manage user access for both instances. "Developing" should be writable by most colleagues, with Run locks preventing overwriting of data. "Archive" should be read-only for most users, and only some people should be able to store data there (and possibly even fewer to delete some).
How will this work? How will people get usernames and passwords? How are these enforced? Are the `@guard("edit")` decorators enough?
Do I understand correctly that this currently only works when using the API layer?