Mercurial > gemma
comparison schema/manage_users.sql @ 207:88d21c29cf04
Care for the fact that role attributes are not inherited
Tests are now run with login roles instead of abstract base roles.
create_user has become a SECURITY DEFINER function, thus circumventing
RLS policies and that a sys_admin cannot CREATE ROLEs by himself. A test
has been added to showcase the intentional error in case the name of
an abstract base role is used as a new username.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Mon, 23 Jul 2018 11:29:41 +0200 |
parents | 5dc8e734487a |
children | 229f385448fa |
comparison
equal
deleted
inserted
replaced
206:cd6ad5eaef8d | 207:88d21c29cf04 |
---|---|
18 username, country, map_extent, email_adress); | 18 username, country, map_extent, email_adress); |
19 EXECUTE format( | 19 EXECUTE format( |
20 'CREATE ROLE %I IN ROLE %I LOGIN PASSWORD %L', username, userrole, pw); | 20 'CREATE ROLE %I IN ROLE %I LOGIN PASSWORD %L', username, userrole, pw); |
21 END; | 21 END; |
22 $$ | 22 $$ |
23 LANGUAGE plpgsql; | 23 LANGUAGE plpgsql |
24 SECURITY DEFINER; |