-- Authorization
-- Group role that the application's users are made members of.
-- (CREATE GROUP is PostgreSQL's legacy spelling of CREATE ROLE.)
CREATE ROLE app_users;

-- Full DML on table test for the group. Which rows a member can actually
-- reach is decided by the row-level security policies defined on the table.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON test
    TO app_users;

-- Members also need the id generator (sequence) to insert rows.
GRANT USAGE, SELECT
    ON SEQUENCE test_id_seq
    TO app_users;
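-- Turn on ROW LEVEL SECURITY for test: rows are then reachable only through
-- the policies defined on the table.
-- NOTE(review): the table owner, superusers and roles with BYPASSRLS are not
-- subject to these policies. If the application can ever connect as the
-- owner, consider ALTER TABLE test FORCE ROW LEVEL SECURITY.
ALTER TABLE test ENABLE ROW LEVEL SECURITY;

-- Everyone may insert, but only rows recorded under their own role name.
-- WITH CHECK (true) accepts any dbuser value, so a member could create rows
-- attributed to another user; the check below ties the new row to the caller.
-- NOTE(review): assumes dbuser is filled with the inserting role (for example
-- by a column default) -- confirm against the table definition.
CREATE POLICY insert_all ON test
    FOR INSERT
    WITH CHECK (test.dbuser = CURRENT_USER);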
-- The author of a test may do anything with their own record.
-- The command (ALL), the target roles (PUBLIC) and the WITH CHECK expression
-- are the defaults CREATE POLICY applies when they are omitted; they are
-- spelled out here so the scope of the policy is visible.
CREATE POLICY author_all ON test
    FOR ALL
    TO PUBLIC
    USING (dbuser = CURRENT_USER)
    WITH CHECK (dbuser = CURRENT_USER);
-- Other users may read a record once it is shared for reading.
-- Read-only by construction: the policy is limited to SELECT.
CREATE POLICY other_read_if_shared_for_read ON test
    FOR SELECT
    TO PUBLIC
    USING (shared_for_read = true);
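-- Other users may modify a record that is shared for update.
-- A policy without a FOR clause applies to ALL commands, which would also let
-- any user DELETE a shared record; the intent is update and read only, so the
-- command is named explicitly.
CREATE POLICY other_update_if_shared_for_update ON test
    FOR UPDATE
    USING (test.shared_for_update = true)
    WITH CHECK (test.shared_for_update = true);

-- UPDATE has to read the rows it changes, so records shared for update must
-- also be visible through a SELECT policy.
CREATE POLICY other_read_if_shared_for_update ON test
    FOR SELECT
    USING (test.shared_for_update = true);

-- NOTE(review): a policy cannot compare the old and the new row, so a user
-- updating a shared record can still overwrite dbuser and take the record
-- over. Keeping dbuser immutable needs column-level UPDATE privileges or a
-- BEFORE UPDATE trigger; neither is defined in this file.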