diff --git a/schema/deploy/roles/reporter/revoke-select-on-receiving-consensus-genome.sql b/schema/deploy/roles/reporter/revoke-select-on-receiving-consensus-genome.sql new file mode 100644 index 000000000..923464305 --- /dev/null +++ b/schema/deploy/roles/reporter/revoke-select-on-receiving-consensus-genome.sql @@ -0,0 +1,7 @@ +-- Deploy seattleflu/schema:roles/reporter/revoke-select-on-receiving-consensus-genome to pg + +begin; + +revoke select on receiving.consensus_genome from reporter; + +commit; diff --git a/schema/deploy/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql b/schema/deploy/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql new file mode 100644 index 000000000..2177b3666 --- /dev/null +++ b/schema/deploy/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql @@ -0,0 +1,7 @@ +-- Deploy seattleflu/schema:roles/reporter/revoke-select-on-receiving-sequence-read-set to pg + +begin; + +revoke select on receiving.sequence_read_set from reporter; + +commit; diff --git a/schema/revert/roles/reporter/revoke-select-on-receiving-consensus-genome.sql b/schema/revert/roles/reporter/revoke-select-on-receiving-consensus-genome.sql new file mode 100644 index 000000000..0d92dabba --- /dev/null +++ b/schema/revert/roles/reporter/revoke-select-on-receiving-consensus-genome.sql @@ -0,0 +1,7 @@ +-- Revert seattleflu/schema:roles/reporter/revoke-select-on-receiving-consensus-genome from pg + +begin; + +grant select on receiving.consensus_genome to reporter; + +commit; diff --git a/schema/revert/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql b/schema/revert/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql new file mode 100644 index 000000000..06f6f8160 --- /dev/null +++ b/schema/revert/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql @@ -0,0 +1,7 @@ +-- Revert seattleflu/schema:roles/reporter/revoke-select-on-receiving-sequence-read-set from pg + +begin; + +grant select on receiving.sequence_read_set to reporter; + +commit; diff --git a/schema/sqitch.plan b/schema/sqitch.plan index 4ed803514..0fe568688 100644 --- a/schema/sqitch.plan +++ b/schema/sqitch.plan @@ -251,3 +251,7 @@ warehouse/sequence-read-set/access-role-rls 2023-07-27T21:32:39Z Dave Reinhart < @2023-07-27 2023-07-27T21:44:39Z Dave Reinhart # Schema as of 27 July 2023 shipping/views [shipping/views@2023-07-27] 2023-07-27T22:31:51Z Dave Reinhart # Add security invoker to shipping views for row-level security @2023-07-28 2023-07-27T22:41:52Z Dave Reinhart # Schema as of 28 July 2023 + +roles/reporter/revoke-select-on-receiving-consensus-genome 2023-08-18T23:41:26Z Dave Reinhart # Revoke select permissions on receiving.consensus_genome from reporter. +roles/reporter/revoke-select-on-receiving-sequence-read-set 2023-08-21T17:02:31Z Dave Reinhart # Revoke select permissions on receiving.sequence_read_set from reporter. +@2023-08-21 2023-08-21T17:58:25Z Dave Reinhart # Schema as of 21 August 2023 diff --git a/schema/verify/roles/reporter/revoke-select-on-receiving-consensus-genome.sql b/schema/verify/roles/reporter/revoke-select-on-receiving-consensus-genome.sql new file mode 100644 index 000000000..6ce6c4221 --- /dev/null +++ b/schema/verify/roles/reporter/revoke-select-on-receiving-consensus-genome.sql @@ -0,0 +1,7 @@ +-- Verify seattleflu/schema:roles/reporter/revoke-select-on-receiving-consensus-genome on pg + +begin; + +select 1/(not pg_catalog.has_table_privilege('reporter', 'receiving.consensus_genome', 'select'))::int; + +rollback; diff --git a/schema/verify/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql b/schema/verify/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql new file mode 100644 index 000000000..dc69e4004 --- /dev/null +++ b/schema/verify/roles/reporter/revoke-select-on-receiving-sequence-read-set.sql @@ -0,0 +1,7 @@ +-- Verify seattleflu/schema:roles/reporter/revoke-select-on-receiving-sequence-read-set on pg + +begin; + +select 1/(not pg_catalog.has_table_privilege('reporter', 'receiving.sequence_read_set', 'select'))::int; + +rollback;