-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
139 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 63 additions & 0 deletions
63
migrations/generic/timetables/1694620856287_add-api-user-permissions/down.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| REVOKE USAGE ON SCHEMA journey_pattern FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA journey_pattern FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA journey_pattern FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA journey_pattern FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA journey_pattern FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| REVOKE USAGE ON SCHEMA passing_times FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA passing_times FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA passing_times FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA passing_times FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA passing_times FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| REVOKE USAGE ON SCHEMA route FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA route FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA route FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA route FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA route FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| REVOKE USAGE ON SCHEMA service_calendar FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA service_calendar FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA service_calendar FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA service_calendar FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA service_calendar FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| REVOKE USAGE ON SCHEMA service_pattern FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA service_pattern FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA service_pattern FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA service_pattern FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA service_pattern FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| REVOKE USAGE ON SCHEMA vehicle_journey FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA vehicle_journey FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA vehicle_journey FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA vehicle_journey FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA vehicle_journey FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| REVOKE USAGE ON SCHEMA vehicle_schedule FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA vehicle_schedule FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA vehicle_schedule FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA vehicle_schedule FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA vehicle_schedule FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| REVOKE USAGE ON SCHEMA vehicle_service FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA vehicle_service FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA vehicle_service FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA vehicle_service FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA vehicle_service FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| REVOKE USAGE ON SCHEMA vehicle_type FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE SELECT ON ALL TABLES IN SCHEMA vehicle_type FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE INSERT ON ALL TABLES IN SCHEMA vehicle_type FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE UPDATE ON ALL TABLES IN SCHEMA vehicle_type FROM xxx_db_timetables_api_username_xxx; | ||
| REVOKE DELETE ON ALL TABLES IN SCHEMA vehicle_type FROM xxx_db_timetables_api_username_xxx; | ||
|
|
||
| ALTER DEFAULT PRIVILEGES IN SCHEMA journey_pattern REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA passing_times REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA route REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA service_calendar REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA service_pattern REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA vehicle_journey REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA vehicle_schedule REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA vehicle_service REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA vehicle_type REVOKE SELECT ON TABLES FROM xxx_db_timetables_api_username_xxx; |
65 changes: 65 additions & 0 deletions
65
migrations/generic/timetables/1694620856287_add-api-user-permissions/up.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| GRANT USAGE ON SCHEMA journey_pattern TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA journey_pattern TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA journey_pattern TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA journey_pattern TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA journey_pattern TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| GRANT USAGE ON SCHEMA passing_times TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA passing_times TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA passing_times TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA passing_times TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA passing_times TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| GRANT USAGE ON SCHEMA route TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA route TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA route TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA route TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA route TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| GRANT USAGE ON SCHEMA service_calendar TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA service_calendar TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA service_calendar TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA service_calendar TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA service_calendar TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| GRANT USAGE ON SCHEMA service_pattern TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA service_pattern TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA service_pattern TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA service_pattern TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA service_pattern TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| GRANT USAGE ON SCHEMA vehicle_journey TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA vehicle_journey TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA vehicle_journey TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA vehicle_journey TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA vehicle_journey TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| GRANT USAGE ON SCHEMA vehicle_schedule TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA vehicle_schedule TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA vehicle_schedule TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA vehicle_schedule TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA vehicle_schedule TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| GRANT USAGE ON SCHEMA vehicle_service TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA vehicle_service TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA vehicle_service TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA vehicle_service TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA vehicle_service TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| GRANT USAGE ON SCHEMA vehicle_type TO xxx_db_timetables_api_username_xxx; | ||
| GRANT SELECT ON ALL TABLES IN SCHEMA vehicle_type TO xxx_db_timetables_api_username_xxx; | ||
| GRANT INSERT ON ALL TABLES IN SCHEMA vehicle_type TO xxx_db_timetables_api_username_xxx; | ||
| GRANT UPDATE ON ALL TABLES IN SCHEMA vehicle_type TO xxx_db_timetables_api_username_xxx; | ||
| GRANT DELETE ON ALL TABLES IN SCHEMA vehicle_type TO xxx_db_timetables_api_username_xxx; | ||
|
|
||
| -- Note: ALTER DEFAULT PRIVILEGES IN SCHEMA only adds GRANTs to *new* tables created after this migration | ||
| -- if using GRANT, it'll only apply to the *existing* tables | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA journey_pattern GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA passing_times GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA route GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA service_calendar GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA service_pattern GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA vehicle_journey GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA vehicle_schedule GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA vehicle_service GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; | ||
| ALTER DEFAULT PRIVILEGES IN SCHEMA vehicle_type GRANT SELECT ON TABLES TO xxx_db_timetables_api_username_xxx; |