Mercurial > gemma

changeset 1872:f63712670c25

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Simplify RLS policies on import jobs We want to allow the sys_admin role to run imports without restrictions. Restrictions on specific data via policies on respective tables will have to be released later on.
author Tom Gottfried <tom@intevation.de>
date Thu, 17 Jan 2019 18:15:15 +0100
parents 8ae7a1fba4cd
children 9f8f7d3fd655
files schema/auth.sql
diffstat 1 files changed, 3 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/schema/auth.sql	Thu Jan 17 17:29:39 2019 +0100
+++ b/schema/auth.sql	Thu Jan 17 18:15:15 2019 +0100
@@ -138,12 +138,9 @@
 ALTER table waterway.imports ENABLE ROW LEVEL SECURITY;
 
 -- The job running the import queue is running as sys_admin and login users
--- with that role should see all imports anyhow
-CREATE POLICY read_all ON waterway.imports
-    FOR SELECT TO sys_admin
-    USING (true);
-CREATE POLICY update_all ON waterway.imports
-    FOR UPDATE TO sys_admin
+-- with that role should be able to run imports without restrictions anyhow
+CREATE POLICY import_all ON waterway.imports
+    FOR ALL TO sys_admin
     USING (true);
 
 CREATE POLICY parent_allowed ON waterway.import_logs