diff database/schema/classify.sql @ 55:40f64a96481f

Adjust database user arrangements and grant schema privs.
author David A. Holland
date Sun, 10 Apr 2022 19:36:29 -0400
parents cd36b49f4437
children
--- a/database/schema/classify.sql	Sun Apr 10 17:41:24 2022 -0400
+++ b/database/schema/classify.sql	Sun Apr 10 19:36:29 2022 -0400
@@ -355,3 +355,94 @@
    ORDER BY schemeordering
 ;
 
+------------------------------------------------------------
+-- permissions
+
+-- Only administrators can add or rearrange schemes.
+GRANT SELECT, INSERT, UPDATE, DELETE ON hierclass_names TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON hierclass_values TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON flatclass_names TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON flatclass_values TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON textclass_names TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_names TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_values TO swallowtail_admin;
+
+GRANT SELECT ON hierclass_names TO swallowtail_writer;
+GRANT SELECT ON hierclass_values TO swallowtail_writer;
+GRANT SELECT ON flatclass_names TO swallowtail_writer;
+GRANT SELECT ON flatclass_values TO swallowtail_writer;
+GRANT SELECT ON textclass_names TO swallowtail_writer;
+GRANT SELECT ON tagclass_names TO swallowtail_writer;
+GRANT SELECT ON tagclass_values TO swallowtail_writer;
+
+GRANT SELECT ON hierclass_names TO swallowtail_reader;
+GRANT SELECT ON hierclass_values TO swallowtail_reader;
+GRANT SELECT ON flatclass_names TO swallowtail_reader;
+GRANT SELECT ON flatclass_values TO swallowtail_reader;
+GRANT SELECT ON textclass_names TO swallowtail_reader;
+GRANT SELECT ON tagclass_names TO swallowtail_reader;
+GRANT SELECT ON tagclass_values TO swallowtail_reader;
+
+GRANT SELECT ON hierclass_names TO swallowtail_public;
+GRANT SELECT ON hierclass_values TO swallowtail_public;
+GRANT SELECT ON flatclass_names TO swallowtail_public;
+GRANT SELECT ON flatclass_values TO swallowtail_public;
+GRANT SELECT ON textclass_names TO swallowtail_public;
+GRANT SELECT ON tagclass_names TO swallowtail_public;
+GRANT SELECT ON tagclass_values TO swallowtail_public;
+
+-- The data, however, is ordinarily accessible.
+GRANT SELECT, INSERT, UPDATE, DELETE ON hierclass_data TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON flatclass_data TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON textclass_data TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_data TO swallowtail_admin;
+GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_data TO swallowtail_admin;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON hierclass_data TO swallowtail_writer;
+GRANT SELECT, INSERT, UPDATE, DELETE ON flatclass_data TO swallowtail_writer;
+GRANT SELECT, INSERT, UPDATE, DELETE ON textclass_data TO swallowtail_writer;
+GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_data TO swallowtail_writer;
+GRANT SELECT, INSERT, UPDATE, DELETE ON tagclass_data TO swallowtail_writer;
+
+GRANT SELECT ON hierclass_data TO swallowtail_reader, swallowtail_public;
+GRANT SELECT ON flatclass_data TO swallowtail_reader, swallowtail_public;
+GRANT SELECT ON textclass_data TO swallowtail_reader, swallowtail_public;
+GRANT SELECT ON tagclass_data TO swallowtail_reader, swallowtail_public;
+GRANT SELECT ON tagclass_data TO swallowtail_reader, swallowtail_public;
+
+-- The views are generally readable.
+GRANT SELECT ON tagclass_stringdata TO swallowtail_admin;
+GRANT SELECT ON tagclass_stringdata TO swallowtail_writer;
+GRANT SELECT ON tagclass_stringdata TO swallowtail_reader;
+GRANT SELECT ON tagclass_stringdata TO swallowtail_public;
+
+GRANT SELECT ON hierclass_data_ordered TO swallowtail_admin;
+GRANT SELECT ON hierclass_data_ordered TO swallowtail_writer;
+GRANT SELECT ON hierclass_data_ordered TO swallowtail_reader;
+GRANT SELECT ON hierclass_data_ordered TO swallowtail_public;
+
+GRANT SELECT ON flatclass_data_ordered TO swallowtail_admin;
+GRANT SELECT ON flatclass_data_ordered TO swallowtail_writer;
+GRANT SELECT ON flatclass_data_ordered TO swallowtail_reader;
+GRANT SELECT ON flatclass_data_ordered TO swallowtail_public;
+
+GRANT SELECT ON textclass_data_ordered TO swallowtail_admin;
+GRANT SELECT ON textclass_data_ordered TO swallowtail_writer;
+GRANT SELECT ON textclass_data_ordered TO swallowtail_reader;
+GRANT SELECT ON textclass_data_ordered TO swallowtail_public;
+
+GRANT SELECT ON tagclass_data_ordered TO swallowtail_admin;
+GRANT SELECT ON tagclass_data_ordered TO swallowtail_writer;
+GRANT SELECT ON tagclass_data_ordered TO swallowtail_reader;
+GRANT SELECT ON tagclass_data_ordered TO swallowtail_public;
+
+GRANT SELECT ON tagclass_stringdata_ordered TO swallowtail_admin;
+GRANT SELECT ON tagclass_stringdata_ordered TO swallowtail_writer;
+GRANT SELECT ON tagclass_stringdata_ordered TO swallowtail_reader;
+GRANT SELECT ON tagclass_stringdata_ordered TO swallowtail_public;
+
+GRANT SELECT ON classifications TO swallowtail_admin;
+GRANT SELECT ON classifications TO swallowtail_writer;
+GRANT SELECT ON classifications TO swallowtail_reader;
+GRANT SELECT ON classifications TO swallowtail_public;
+
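Review bot: The last GRANT in each of the three data-table groups repeats `tagclass_data`: the admin, writer and reader/public groups each list it twice. Either the line is redundant or a different relation was meant. The repeat itself is harmless, but if another table was intended it is left with no grants at all and the gap only shows up as permission errors at runtime, so check the list against the table definitions earlier in the file, which are outside this hunk. Separately, if any `*_data` table has a sequence-backed key column (not visible here), `swallowtail_writer` would on PostgreSQL-style engines also need `USAGE` on that sequence for its INSERT grant to be usable. Because GRANT only adds privileges, I would also put a comment such as `-- Assumes no wider privileges were granted on these tables elsewhere; GRANT does not revoke.` above the "Only administrators" group so the restriction it describes can be audited.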