Closed KevinKelly25 closed 5 years ago
Thank you for this PR @KevinKelly25. Because it seems outdated now due to the fact that some other PRs took care of updating some of the tables in initializeDB.sql and also added the schema qualifier name that was needed, it would probably be a good idea to go ahead and copy over what we currently have for our initializeDB.sql. Also, this may resolve some of the conflicting issues this PR may have. Other than that I have updated the userMgmt.sql in PR #92 so it will probably be a good idea to also go ahead and copy over what you have for that one to the current userMgmt.sql.
Once you have done this I will do a more thorough review of this PR for the initializeServer.sql. For now please make sure to include a space between -- and the start of your comment.
EDIT: Added the last sentence.
Updated the PR to work with the current dev branch. Everything should be working with role-based access control now.
Thanks @KevinKelly25. This PR functions well and I see how these changes improve the security and integrity of the data. I will approve to merge.
Edit: Original comment was written under the assumption that PRs currently in progress were already merged.
Thank you @michaeltorres1 and @cinnaco for reviewing the branch. While I see you changed your comment, @cinnaco, you are right that the branch should be at the most recent dev branch update for testing, which I just checked, and it works.
In this PR I add role-based access controls to the database and all objects within. To do this I created a role learnsql with CREATEDB and CREATEROLE. These attributes are/will be needed for some operations within the database.
For all tables and views I revoked all privileges from public and then reassigned the owner to the learnsql role. For the functions I did the same, also adding SECURITY DEFINER to all functions so that the function is always executed as the learnsql role rather than the superuser that could have possibly created the functions.
Another addition is that only superusers and learnsql roles should be able to connect to this database now.
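The pattern described in the PR description above, as an added PostgreSQL example that is not taken from this PR or the project's scripts. The database, schema, table and function names (learnsql_demo, app, app.attempt, app.record_attempt) are hypothetical, and the LOGIN attribute and the pinned search_path are assumptions added for the example.

```sql
-- Added example: hypothetical names throughout, only the learnsql role name
-- and its CREATEDB/CREATEROLE attributes come from the PR description.
-- Run as a superuser in psql against a scratch PostgreSQL instance.

-- Role that will own every object. LOGIN is an assumption.
CREATE ROLE learnsql WITH LOGIN CREATEDB CREATEROLE;

CREATE DATABASE learnsql_demo OWNER learnsql;

-- New databases grant CONNECT to PUBLIC by default. Removing that grant
-- leaves only superusers and learnsql able to connect.
REVOKE ALL ON DATABASE learnsql_demo FROM PUBLIC;
GRANT CONNECT ON DATABASE learnsql_demo TO learnsql;

\connect learnsql_demo

CREATE SCHEMA app AUTHORIZATION learnsql;

CREATE TABLE app.attempt (
    attempt_id serial PRIMARY KEY,
    username   text NOT NULL,
    submitted  timestamptz NOT NULL DEFAULT now()
);

-- Tables and views: strip PUBLIC, then hand ownership to learnsql.
REVOKE ALL ON app.attempt FROM PUBLIC;
ALTER TABLE app.attempt OWNER TO learnsql;

-- Functions: SECURITY DEFINER makes the body run with the owner's
-- privileges, so ownership is moved to learnsql instead of staying with
-- the superuser that created the function. Pinning search_path (pg_temp
-- last) keeps a caller's own schemas from shadowing the objects the
-- function refers to.
CREATE FUNCTION app.record_attempt(p_username text)
RETURNS integer
LANGUAGE sql
SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
    INSERT INTO app.attempt (username) VALUES (p_username)
    RETURNING attempt_id;
$$;

ALTER FUNCTION app.record_attempt(text) OWNER TO learnsql;

-- Functions grant EXECUTE to PUBLIC by default, so revoke it explicitly.
REVOKE ALL ON FUNCTION app.record_attempt(text) FROM PUBLIC;
```

In psql, `\l learnsql_demo`, `\dp app.attempt` and `\df+ app.record_attempt` show the resulting database, table and function privileges and owners.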