mirror of
https://github.com/xbgmsharp/postgsail.git
synced 2025-09-17 03:07:47 +00:00
Update views owner permission using security_invoker and security_barrier
This commit is contained in:
xbgmsharp
@@ -91,24 +91,30 @@ GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA api TO user_role;
|
|||||||
-- TODO should not be need !! ??
|
-- TODO should not be need !! ??
|
||||||
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO user_role;
|
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO user_role;
|
||||||
|
|
||||||
|
-- pg15 feature security_invoker=true,security_barrier=true
|
||||||
|
GRANT SELECT ON TABLE api.logs_view TO user_role;
|
||||||
|
GRANT SELECT ON TABLE api.log_view TO user_role;
|
||||||
|
GRANT SELECT ON TABLE api.stays_view TO user_role;
|
||||||
|
GRANT SELECT ON TABLE api.stay_view TO user_role;
|
||||||
|
GRANT SELECT ON TABLE api.monitoring_view TO user_role;
|
||||||
-- Update ownership for security user_role as run by web user.
|
-- Update ownership for security user_role as run by web user.
|
||||||
-- Web listing
|
-- Web listing
|
||||||
ALTER VIEW api.stays_view OWNER TO user_role;
|
--ALTER VIEW api.stays_view OWNER TO user_role;
|
||||||
ALTER VIEW api.moorages_view OWNER TO user_role;
|
ALTER VIEW api.moorages_view OWNER TO user_role;
|
||||||
ALTER VIEW api.logs_view OWNER TO user_role;
|
--ALTER VIEW api.logs_view OWNER TO user_role;
|
||||||
ALTER VIEW api.vessel_p_view OWNER TO user_role;
|
--ALTER VIEW api.vessel_p_view OWNER TO user_role;
|
||||||
ALTER VIEW api.monitoring_view OWNER TO user_role;
|
--ALTER VIEW api.monitoring_view OWNER TO user_role;
|
||||||
-- Remove all permissions except select
|
-- Remove all permissions except select
|
||||||
REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.stays_view FROM user_role;
|
--REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.stays_view FROM user_role;
|
||||||
REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.moorages_view FROM user_role;
|
REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.moorages_view FROM user_role;
|
||||||
REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.logs_view FROM user_role;
|
--REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.logs_view FROM user_role;
|
||||||
REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.monitoring_view FROM user_role;
|
--REVOKE UPDATE, TRUNCATE, REFERENCES, DELETE, TRIGGER, INSERT ON TABLE api.monitoring_view FROM user_role;
|
||||||
|
|
||||||
-- Allow read and update on VIEWS
|
-- Allow read and update on VIEWS
|
||||||
-- Web detail view
|
-- Web detail view
|
||||||
ALTER VIEW api.log_view OWNER TO user_role;
|
--ALTER VIEW api.log_view OWNER TO user_role;
|
||||||
-- Remove all permissions except select and update
|
-- Remove all permissions except select and update
|
||||||
REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.log_view FROM user_role;
|
--REVOKE TRUNCATE, DELETE, TRIGGER, INSERT ON TABLE api.log_view FROM user_role;
|
||||||
|
|
||||||
ALTER VIEW api.vessels_view OWNER TO user_role;
|
ALTER VIEW api.vessels_view OWNER TO user_role;
|
||||||
-- Remove all permissions except select and update
|
-- Remove all permissions except select and update
|
||||||
|
|||||||
Reference in New Issue
Block a user