swallowtail bug database WIP stuff: database/schema/users.sql comparison

Adjust database user arrangements and grant schema privs.

comparison

equal deleted inserted replaced

-:36d91dfe017f
+:40f64a96481f
 --
 -- Users.
+--
+-- (That is, Swallowtail-level users.)
 --
 -- Rather than trying to have different kinds of users (as in the last
 -- rev of this stuff) I think we will just have user permissions.
 -- Otherwise we end up in various kinds of trouble if users change
 -- type. This means we cannot use foreign key constraints to e.g.
 -- Intended constraint:
 -- (oldresponsible OR responsible OR editpr OR admin)
 -- implies username not null.
+-- Admins need to be able to adjust user data freely.
+GRANT SELECT, INSERT, UPDATE, DELETE ON users TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON mailaddresses TO swallowtail_admin;
+GRANT SELECT ON usermail TO swallowtail_admin;
+-- Writers need to see the permission bits.
+GRANT SELECT ON users TO swallowtail_writer;
+-- Readers only need to be able to print.
+-- XXX: deny public access to emails?
+GRANT SELECT ON usermail TO swallowtail_reader;
+GRANT SELECT ON usermail TO swallowtail_public;
+-- The user operations interface needs to manage email addresses.
+GRANT SELECT ON users TO swallowtail_uops;
+GRANT UPDATE (realname) ON users TO swallowtail_uops;
+GRANT SELECT, INSERT, UPDATE, DELETE on mailaddresses to swallowtail_uops;

Mercurial > ~dholland > hg > swallowtail > index.cgi