Merge pull request #5105 from dfe-analytical-services/dev
Merge dev into master
Showing
326 changed files
with
20,107 additions
and
5,499 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
#!/bin/bash | ||
set -e | ||
|
||
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL | ||
/* | ||
* Create application user roles. | ||
*/ | ||
CREATE ROLE app_public_data_api WITH LOGIN PASSWORD 'password'; | ||
CREATE ROLE app_public_data_processor WITH LOGIN PASSWORD 'password'; | ||
CREATE ROLE app_admin WITH LOGIN PASSWORD 'password'; | ||
CREATE ROLE app_publisher WITH LOGIN PASSWORD 'password'; | ||
/* | ||
* Grant the app_public_data_api role privileges to create new objects which it will own on the public schema. | ||
*/ | ||
GRANT CREATE ON SCHEMA public TO app_public_data_api; | ||
/* | ||
* Create a public_data_read_write group role which can be granted to user roles requiring read and write privileges on public schema objects. | ||
*/ | ||
CREATE ROLE public_data_read_write WITH NOLOGIN; | ||
/* | ||
* Allow the public_data_read_write group role to access objects in the public schema. | ||
* This does not include the permissions to read (i.e. `SELECT`) or modify (i.e. `INSERT`, `UPDATE`, `DELETE`) the content of those objects. | ||
*/ | ||
GRANT USAGE ON SCHEMA public TO public_data_read_write; | ||
/* | ||
* Grant privileges to the public_data_read_write group role for all tables and sequences in the public schema subsequently created by app_public_data_api. | ||
*/ | ||
ALTER DEFAULT PRIVILEGES FOR ROLE app_public_data_api IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES ON TABLES TO public_data_read_write; | ||
ALTER DEFAULT PRIVILEGES FOR ROLE app_public_data_api IN SCHEMA public GRANT SELECT, UPDATE ON SEQUENCES TO public_data_read_write; | ||
/* | ||
* Grant membership of the public_data_read_write group role to the application user roles. | ||
*/ | ||
GRANT public_data_read_write TO app_public_data_api; | ||
GRANT public_data_read_write TO app_public_data_processor; | ||
GRANT public_data_read_write TO app_admin; | ||
GRANT public_data_read_write TO app_publisher; | ||
EOSQL |
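Review bot: The four `CREATE ROLE ... WITH LOGIN PASSWORD 'password'` lines commit one shared literal password for every application login role, so if this init script ever runs outside a throwaway local container those become known default credentials for roles that are members of `public_data_read_write` (and, for `app_public_data_api`, hold `CREATE` on the public schema). Consider taking the values from the environment, e.g. `psql -v api_password="$APP_API_PASSWORD" ...` together with `PASSWORD :'api_password'` (variable names constructed for illustration), or add a header comment stating that the script is for local development only. Separately, the heredoc delimiter is unquoted, so bash performs command substitution on the backticked `SELECT`, `INSERT`, `UPDATE` and `DELETE` in the comment above `GRANT USAGE` before psql sees the text. The visible body uses no shell variables, so `<<-'EOSQL'` would avoid that.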