0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-23 20:33:16 -05:00
logto/packages/schemas/tables/_after_all.sql

32 lines
803 B
MySQL
Raw Normal View History

2023-02-08 05:58:45 -05:00
/* This SQL will run after all other queries. */
grant select, insert, update, delete
on all tables
in schema public
to logto_tenant_${database};
2023-02-09 05:31:14 -05:00
-- Security policies for tenants table --
2023-02-08 05:58:45 -05:00
revoke all privileges
on table tenants
from logto_tenant_${database};
2023-02-09 05:31:14 -05:00
/* Allow limited select to perform RLS query in `after_each` (using select ... from tenants ...) */
grant select (id, db_user)
on table tenants
to logto_tenant_${database};
alter table tenants enable row level security;
/* Create RLS policy to minimize the privilege */
create policy tenants_tenant_id on tenants
to logto_tenant_${database}
using (db_user = current_user);
-- End --
/* Revoke all privileges on systems table for tenant roles */
2023-02-08 05:58:45 -05:00
revoke all privileges
on table systems
from logto_tenant_${database};