From 305f7c37359e85d881586de542af856092a230ab Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Sat, 25 Nov 2017 14:31:32 +0100
Subject: perms.sql: Revoke all permissions before re-assigning

This makes perms.sql the definitive place for all permissions assigned
to these roles. The DROP OWNED does require superuser privileges, but
that's alright - the statement is simply skipped when run as 'vndb'.
---
 util/sql/perms.sql | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'util')

diff --git a/util/sql/perms.sql b/util/sql/perms.sql
index 3857d179..4a5d94ef 100644
--- a/util/sql/perms.sql
+++ b/util/sql/perms.sql
@@ -1,5 +1,6 @@
 -- vndb_site
 
+DROP OWNED BY vndb_site;
 GRANT CONNECT, TEMP ON DATABASE :DBNAME TO vndb_site;
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO vndb_site;
 GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO vndb_site;
@@ -85,6 +86,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON wlists                   TO vndb_site;
 -- vndb_multi
 -- (Assuming all modules are loaded)
 
+DROP OWNED BY vndb_multi;
 GRANT CONNECT, TEMP ON DATABASE :DBNAME TO vndb_multi;
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO vndb_multi;
 GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO vndb_multi;
-- 
cgit v1.2.3