database/scripts/privileges.sql


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

-- Prevent 'bmuser' from creating objects (such as tables):
REVOKE CREATE ON SCHEMA public FROM public;
 -- even prevent creation of new schemas:
REVOKE CREATE,TEMP ON DATABASE bm FROM public;

-- NOTE: At this point, the 'bmuser' essentially cannot access the
-- 'bm' database at all. We need to explicitly add the desired privileges.

-- Define privileges for the 'bmuser':

GRANT SELECT ON upload TO bmuser;
GRANT INSERT ON upload TO bmuser;
GRANT UPDATE ON upload_id_seq TO bmuser; -- To allow auto-incrementing
                                         -- bigserial type.
GRANT SELECT ON upload_id_seq TO bmuser; -- To retrieve the latest ID.

GRANT SELECT ON host TO bmuser;
GRANT INSERT ON host TO bmuser;
GRANT UPDATE ON host_id_seq TO bmuser;

GRANT SELECT ON platform TO bmuser;
GRANT INSERT ON platform TO bmuser;
GRANT UPDATE ON platform_id_seq TO bmuser;

GRANT SELECT ON branch TO bmuser;
GRANT INSERT ON branch TO bmuser;
GRANT UPDATE ON branch_id_seq TO bmuser;

GRANT SELECT ON sha1 TO bmuser;
GRANT INSERT ON sha1 TO bmuser;
GRANT UPDATE ON sha1_id_seq TO bmuser;

GRANT SELECT ON benchmark TO bmuser;
GRANT INSERT ON benchmark TO bmuser;
GRANT UPDATE ON benchmark_id_seq TO bmuser;

GRANT SELECT ON metric TO bmuser;
GRANT INSERT ON metric TO bmuser;
GRANT UPDATE ON metric_id_seq TO bmuser;

GRANT SELECT ON result TO bmuser;
GRANT INSERT ON result TO bmuser;
GRANT UPDATE ON result_id_seq TO bmuser;

GRANT SELECT ON context TO bmuser;
GRANT INSERT ON context TO bmuser;
GRANT UPDATE ON context_id_seq TO bmuser;

GRANT SELECT ON rankingStat TO bmuser;

GRANT SELECT ON ranking TO bmuser;
GRANT INSERT ON ranking TO bmuser;
GRANT UPDATE ON ranking TO bmuser;
GRANT UPDATE ON ranking_id_seq TO bmuser;

GRANT SELECT ON timeSeriesAnnotation TO bmuser;
GRANT INSERT ON timeSeriesAnnotation TO bmuser;
GRANT UPDATE ON timeSeriesAnnotation TO bmuser;
GRANT DELETE ON timeSeriesAnnotation TO bmuser;
GRANT UPDATE ON timeSeriesAnnotation_id_seq TO bmuser;