git.postgresql.org Git - skytools.git/commit

projects / skytools.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: f82bdd5) | patch

author	Marko Kreen <markokr@gmail.com>
	Wed, 2 May 2012 13:45:00 +0000 (16:45 +0300)
committer	Marko Kreen <markokr@gmail.com>
	Thu, 10 May 2012 18:19:24 +0000 (21:19 +0300)
commit	128f094b0852944366856bdc56badb1b27dad40c
tree	70e051b590ee966e7fa2f735a6914684fc4048ff	tree
parent	f82bdd553aabbdee0b44fc2c91e182baa8928d87	commit \| diff

Group-access roles for SQL functions (draft)

This is attempt for fine-grained access rights for all
Skytools SQL schemas.  As it still needs review,
the rights are not activated by default, instead
following sql files are generated:

  newgrants_<schema>.sql - applies new rights, drop old public access

  oldgrants_<schema>.sql - restores old rights - public execute
              privilege to all functions

Only thing that is active by default is creation of new
groups in upgrade functions.

New access roles:

pgq_reader
    Can consume queues (source-side)

pgq_writer
    Can write into queues (source-side / dest-side)
    Can use pgq_node/pgq_ext schema as regular
    consumer (dest-side)

pgq_admin
    Admin operations on queues, required for CascadedWorker on dest-side.
    Member of pgq_reader and pgq_writer.

londiste_reader
    Member of pgq_reader, needs additional read access to tables.
    (source-side)

londiste_writer
    Member of pgq_admin, needs additional write access to tables.
    (dest-side)

29 files changed:

doc/Makefile		diff \| blob \| blame \| history
doc/sql-grants.txt	[new file with mode: 0644]	blob
scripts/grantfu.py	[new file with mode: 0755]	blob
sql/londiste/Makefile		diff \| blob \| blame \| history
sql/londiste/functions/londiste.upgrade_schema.sql		diff \| blob \| blame \| history
sql/londiste/structure/grants.ini	[new file with mode: 0644]	blob
sql/londiste/structure/install.sql		diff \| blob \| blame \| history
sql/pgq/Makefile		diff \| blob \| blame \| history
sql/pgq/expected/pgq_perms.out	[new file with mode: 0644]	blob
sql/pgq/functions/pgq.grant_perms.sql		diff \| blob \| blame \| history
sql/pgq/functions/pgq.upgrade_schema.sql		diff \| blob \| blame \| history
sql/pgq/sql/pgq_perms.sql	[new file with mode: 0644]	blob
sql/pgq/structure/grants.ini	[new file with mode: 0644]	blob
sql/pgq/structure/grants.sql		diff \| blob \| blame \| history
sql/pgq/structure/install.sql		diff \| blob \| blame \| history
sql/pgq_coop/Makefile		diff \| blob \| blame \| history
sql/pgq_coop/structure/grants.ini	[new file with mode: 0644]	blob
sql/pgq_coop/structure/grants.sql		diff \| blob \| blame \| history
sql/pgq_ext/Makefile		diff \| blob \| blame \| history
sql/pgq_ext/structure/grants.ini	[new file with mode: 0644]	blob
sql/pgq_ext/structure/grants.sql	[new file with mode: 0644]	blob
sql/pgq_ext/structure/install.sql		diff \| blob \| blame \| history
sql/pgq_ext/structure/tables.sql		diff \| blob \| blame \| history
sql/pgq_node/Makefile		diff \| blob \| blame \| history
sql/pgq_node/functions/pgq_node.upgrade_schema.sql		diff \| blob \| blame \| history
sql/pgq_node/structure/grants.ini	[new file with mode: 0644]	blob
sql/pgq_node/structure/grants.sql	[new file with mode: 0644]	blob
sql/pgq_node/structure/install.sql		diff \| blob \| blame \| history
sql/pgq_node/structure/tables.sql		diff \| blob \| blame \| history

Skytools master repo.