summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2017-11-25 14:31:32 +0100
committerYorhel <git@yorhel.nl>2017-11-25 14:31:34 +0100
commit305f7c37359e85d881586de542af856092a230ab (patch)
tree85a37c255370cdeac59a41d5fbab845483cf3d78
parent374fbc0c68dd87ed86e36593606ffa95cac25cdd (diff)
perms.sql: Revoke all permissions before re-assigning
This makes perms.sql the definitive place for all permissions assigned to these roles. The DROP OWNED does require superuser privileges, but that's alright - the statement is simply skipped when run as 'vndb'.
-rw-r--r--util/sql/perms.sql2
1 files changed, 2 insertions, 0 deletions
diff --git a/util/sql/perms.sql b/util/sql/perms.sql
index 3857d179..4a5d94ef 100644
--- a/util/sql/perms.sql
+++ b/util/sql/perms.sql
@@ -1,5 +1,6 @@
-- vndb_site
+DROP OWNED BY vndb_site;
GRANT CONNECT, TEMP ON DATABASE :DBNAME TO vndb_site;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO vndb_site;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO vndb_site;
@@ -85,6 +86,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON wlists TO vndb_site;
-- vndb_multi
-- (Assuming all modules are loaded)
+DROP OWNED BY vndb_multi;
GRANT CONNECT, TEMP ON DATABASE :DBNAME TO vndb_multi;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO vndb_multi;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO vndb_multi;