Mercurial > gemma

view schema/roles.sql @ 478:3af7ca761f6a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Purge password reset role The risk of SQL-injections and thus privilege escalation via the metamorphic user was estimated not high enough to justify the extra role. Thus, bring database back in line with rev. ffdb507d5b42 and re-enable password reset.
author Tom Gottfried <tom@intevation.de>
date Thu, 23 Aug 2018 16:41:44 +0200
parents 5611cf72cc92
children 6590208e3ee1
line wrap: on
line source

--
-- Primary GEMMA roles
--
CREATE ROLE waterway_user;
CREATE ROLE waterway_admin IN ROLE waterway_user;
CREATE ROLE sys_admin IN ROLE waterway_admin;

--
-- Special roles
--

-- A role that is intended to be used for backend- or
-- GeoServer-connections on which SET ROLE has to be used to
-- gain privileges of a specific role
CREATE ROLE metamorph NOINHERIT;