Mercurial > gemma
changeset 1872:f63712670c25
Simplify RLS policies on import jobs
We want to allow the sys_admin role to run imports without
restrictions. Restrictions on specific data via policies on
respective tables will have to be released later on.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Thu, 17 Jan 2019 18:15:15 +0100 |
parents | 8ae7a1fba4cd |
children | 9f8f7d3fd655 |
files | schema/auth.sql |
diffstat | 1 files changed, 3 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/schema/auth.sql Thu Jan 17 17:29:39 2019 +0100 +++ b/schema/auth.sql Thu Jan 17 18:15:15 2019 +0100 @@ -138,12 +138,9 @@ ALTER table waterway.imports ENABLE ROW LEVEL SECURITY; -- The job running the import queue is running as sys_admin and login users --- with that role should see all imports anyhow -CREATE POLICY read_all ON waterway.imports - FOR SELECT TO sys_admin - USING (true); -CREATE POLICY update_all ON waterway.imports - FOR UPDATE TO sys_admin +-- with that role should be able to run imports without restrictions anyhow +CREATE POLICY import_all ON waterway.imports + FOR ALL TO sys_admin USING (true); CREATE POLICY parent_allowed ON waterway.import_logs