Mercurial > gemma
diff schema/auth.sql @ 5013:7dff1015283d
Add row level security policies for waterway axis
Enforcing the area of responsibility this way instead of leaving it
up to the importer implementation will also reduce complexity of
statements needed to implement keeping of historic axis data.
| author | Tom Gottfried <tom@intevation.de> |
|---|---|
| date | Thu, 12 Mar 2020 14:49:19 +0100 |
| parents | d410e7ab03fe |
| children | 388947a3050d |
line wrap: on
line diff
--- a/schema/auth.sql Wed Mar 11 23:40:44 2020 +0100 +++ b/schema/auth.sql Thu Mar 12 14:49:19 2020 +0100 @@ -106,6 +106,14 @@ END; $$; +-- Tables without staging area +CREATE POLICY hide_nothing ON waterway.waterway_axis + FOR SELECT TO waterway_user USING (true); +CREATE POLICY sys_admin ON waterway.waterway_axis + FOR ALL TO sys_admin USING (true); +ALTER TABLE waterway.waterway_axis ENABLE ROW LEVEL SECURITY; + + -- -- RLS policies for templates -- @@ -178,6 +186,21 @@ USING (true); -- +-- Tables without staging area +-- +-- Use three policies instead of one FOR ALL to avoid costly expressions +-- being added in SELECT queries. +CREATE POLICY responsibility_area_insert ON waterway.waterway_axis + FOR INSERT TO waterway_admin + WITH CHECK (users.utm_covers(wtwaxs)); +CREATE POLICY responsibility_area_update ON waterway.waterway_axis + FOR UPDATE TO waterway_admin + USING (users.utm_covers(wtwaxs)); +CREATE POLICY responsibility_area_delete ON waterway.waterway_axis + FOR DELETE TO waterway_admin + USING (users.utm_covers(wtwaxs)); + +-- -- RLS policies for imports and import config --