Mercurial > gemma
annotate schema/roles.sql @ 319:ac760b0f22a9
Add special role for password reset
As password reset is exposed without requiring a login, let this role
have privileges limited to reseting passwords, and only reseting passwords.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 02 Aug 2018 13:06:39 +0200 |
parents | 88d21c29cf04 |
children | 5611cf72cc92 |
rev | line source |
---|---|
172
a422471db08a
Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
1 -- |
a422471db08a
Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
2 -- Primary GEMMA roles |
a422471db08a
Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
3 -- |
a422471db08a
Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
4 CREATE ROLE waterway_user; |
a422471db08a
Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff
changeset
|
5 CREATE ROLE waterway_admin IN ROLE waterway_user; |
207
88d21c29cf04
Care for the fact that role attributes are not inherited
Tom Gottfried <tom@intevation.de>
parents:
172
diff
changeset
|
6 CREATE ROLE sys_admin IN ROLE waterway_admin; |
319
ac760b0f22a9
Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
7 |
ac760b0f22a9
Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
8 -- |
ac760b0f22a9
Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
9 -- Special roles |
ac760b0f22a9
Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
10 -- |
ac760b0f22a9
Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
11 |
ac760b0f22a9
Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
12 -- A role that is intended to be used for password reset only |
ac760b0f22a9
Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents:
207
diff
changeset
|
13 CREATE ROLE pw_reset; |