Mercurial > gemma

annotate schema/roles.sql @ 319:ac760b0f22a9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add special role for password reset As password reset is exposed without requiring a login, let this role have privileges limited to reseting passwords, and only reseting passwords.
author Tom Gottfried <tom@intevation.de>
date Thu, 02 Aug 2018 13:06:39 +0200
parents 88d21c29cf04
children 5611cf72cc92
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
172
a422471db08a Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff changeset
1 --
a422471db08a Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff changeset
2 -- Primary GEMMA roles
a422471db08a Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff changeset
3 --
a422471db08a Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff changeset
4 CREATE ROLE waterway_user;
a422471db08a Automate running DB-tests with an extra database
Tom Gottfried <tom@intevation.de>
parents:
diff changeset
5 CREATE ROLE waterway_admin IN ROLE waterway_user;
207
88d21c29cf04 Care for the fact that role attributes are not inherited
Tom Gottfried <tom@intevation.de>
parents: 172
diff changeset
6 CREATE ROLE sys_admin IN ROLE waterway_admin;
319
ac760b0f22a9 Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents: 207
diff changeset
7
ac760b0f22a9 Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents: 207
diff changeset
8 --
ac760b0f22a9 Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents: 207
diff changeset
9 -- Special roles
ac760b0f22a9 Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents: 207
diff changeset
10 --
ac760b0f22a9 Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents: 207
diff changeset
11
ac760b0f22a9 Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents: 207
diff changeset
12 -- A role that is intended to be used for password reset only
ac760b0f22a9 Add special role for password reset
Tom Gottfried <tom@intevation.de>
parents: 207
diff changeset
13 CREATE ROLE pw_reset;