Each databases can have multiple roles. The role can be defined by owner. The role is stored in database_role
database_id: which database that the role is belonged to
can_execute_query: role can execute query direct to database. That's the highest level of permission because if user can send SQL to database, they can basically do anything.
is_owner: owner can grant other people permission.
However, if we want to define granular permission to table and column level, we will rely on database_role_permission. By default without can_execute_query, user has no permission to any table.
To grant permission to table, they can do
role
access
table_name
column_name
table
read
users
NULL
table
write
blogs
NULL
table
write_delete
courses
NULL
When user granted the table permission, they can read all columns. To limit the column permission, we can do
Each databases can have multiple roles. The role can be defined by owner. The role is stored in
database_roledatabase_id: which database that the role is belonged tocan_execute_query: role can execute query direct to database. That's the highest level of permission because if user can send SQL to database, they can basically do anything.is_owner: owner can grant other people permission.However, if we want to define granular permission to table and column level, we will rely on
database_role_permission. By default withoutcan_execute_query, user has no permission to any table.To grant permission to table, they can do
When user granted the table permission, they can read all columns. To limit the column permission, we can do
We can implement this here
https://github.com/invisal/libsql-studio/blob/develop/src/app/api/database/%5Bdatabase_id%5D/ops/route.ts
You can propose on how the API look like. It should contain: