Mercurial > ~dholland > hg > swallowtail > index.cgi
diff database/schema/classify.sql @ 55:40f64a96481f
Adjust database user arrangements and grant schema privs.
| author | David A. Holland |
|---|---|
| date | Sun, 10 Apr 2022 19:36:29 -0400 (2022-04-10) |
| parents | cd36b49f4437 |
| children |
line wrap: on
line diff
--- a/database/schema/classify.sql Sun Apr 10 17:41:24 2022 -0400 +++ b/database/schema/classify.sql Sun Apr 10 19:36:29 2022 -0400 @@ -355,3 +355,94 @@ ORDER BY schemeordering ; +------------------------------------------------------------ +-- permissions + +-- Only administrators can add or rearrange schemes. +GRANT SELECT, INSERT, UPDATE, DELETE ON hierclass_names TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON hierclass_values TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON flatclass_names TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON flatclass_values TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON textclass_names TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_names TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_values TO swallowtail_admin; + +GRANT SELECT ON hierclass_names TO swallowtail_writer; +GRANT SELECT ON hierclass_values TO swallowtail_writer; +GRANT SELECT ON flatclass_names TO swallowtail_writer; +GRANT SELECT ON flatclass_values TO swallowtail_writer; +GRANT SELECT ON textclass_names TO swallowtail_writer; +GRANT SELECT ON tagclass_names TO swallowtail_writer; +GRANT SELECT ON tagclass_values TO swallowtail_writer; + +GRANT SELECT ON hierclass_names TO swallowtail_reader; +GRANT SELECT ON hierclass_values TO swallowtail_reader; +GRANT SELECT ON flatclass_names TO swallowtail_reader; +GRANT SELECT ON flatclass_values TO swallowtail_reader; +GRANT SELECT ON textclass_names TO swallowtail_reader; +GRANT SELECT ON tagclass_names TO swallowtail_reader; +GRANT SELECT ON tagclass_values TO swallowtail_reader; + +GRANT SELECT ON hierclass_names TO swallowtail_public; +GRANT SELECT ON hierclass_values TO swallowtail_public; +GRANT SELECT ON flatclass_names TO swallowtail_public; +GRANT SELECT ON flatclass_values TO swallowtail_public; +GRANT SELECT ON textclass_names TO swallowtail_public; +GRANT SELECT ON tagclass_names TO swallowtail_public; +GRANT SELECT ON tagclass_values TO swallowtail_public; + +-- The data, however, is ordinarily accessible. +GRANT SELECT, INSERT, UPDATE, DELETE ON hierclass_data TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON flatclass_data TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON textclass_data TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_data TO swallowtail_admin; +GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_data TO swallowtail_admin; + +GRANT SELECT, INSERT, UPDATE, DELETE ON hierclass_data TO swallowtail_writer; +GRANT SELECT, INSERT, UPDATE, DELETE ON flatclass_data TO swallowtail_writer; +GRANT SELECT, INSERT, UPDATE, DELETE ON textclass_data TO swallowtail_writer; +GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_data TO swallowtail_writer; +GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_data TO swallowtail_writer; + +GRANT SELECT ON hierclass_data TO swallowtail_reader, swallowtail_public; +GRANT SELECT ON flatclass_data TO swallowtail_reader, swallowtail_public; +GRANT SELECT ON textclass_data TO swallowtail_reader, swallowtail_public; +GRANT SELECT ON tagclass_data TO swallowtail_reader, swallowtail_public; +GRANT SELECT ON tagclass_data TO swallowtail_reader, swallowtail_public; + +-- The views are generally readable. +GRANT SELECT ON tagclass_stringdata TO swallowtail_admin; +GRANT SELECT ON tagclass_stringdata TO swallowtail_writer; +GRANT SELECT ON tagclass_stringdata TO swallowtail_reader; +GRANT SELECT ON tagclass_stringdata TO swallowtail_public; + +GRANT SELECT ON hierclass_data_ordered TO swallowtail_admin; +GRANT SELECT ON hierclass_data_ordered TO swallowtail_writer; +GRANT SELECT ON hierclass_data_ordered TO swallowtail_reader; +GRANT SELECT ON hierclass_data_ordered TO swallowtail_public; + +GRANT SELECT ON flatclass_data_ordered TO swallowtail_admin; +GRANT SELECT ON flatclass_data_ordered TO swallowtail_writer; +GRANT SELECT ON flatclass_data_ordered TO swallowtail_reader; +GRANT SELECT ON flatclass_data_ordered TO swallowtail_public; + +GRANT SELECT ON textclass_data_ordered TO swallowtail_admin; +GRANT SELECT ON textclass_data_ordered TO swallowtail_writer; +GRANT SELECT ON textclass_data_ordered TO swallowtail_reader; +GRANT SELECT ON textclass_data_ordered TO swallowtail_public; + +GRANT SELECT ON tagclass_data_ordered TO swallowtail_admin; +GRANT SELECT ON tagclass_data_ordered TO swallowtail_writer; +GRANT SELECT ON tagclass_data_ordered TO swallowtail_reader; +GRANT SELECT ON tagclass_data_ordered TO swallowtail_public; + +GRANT SELECT ON tagclass_stringdata_ordered TO swallowtail_admin; +GRANT SELECT ON tagclass_stringdata_ordered TO swallowtail_writer; +GRANT SELECT ON tagclass_stringdata_ordered TO swallowtail_reader; +GRANT SELECT ON tagclass_stringdata_ordered TO swallowtail_public; + +GRANT SELECT ON classifications TO swallowtail_admin; +GRANT SELECT ON classifications TO swallowtail_writer; +GRANT SELECT ON classifications TO swallowtail_reader; +GRANT SELECT ON classifications TO swallowtail_public; +