2023-02-08 05:58:45 -05:00
|
|
|
/* This SQL will run after all other queries. */
|
|
|
|
|
|
|
|
grant select, insert, update, delete
|
|
|
|
on all tables
|
|
|
|
in schema public
|
|
|
|
to logto_tenant_${database};
|
|
|
|
|
2023-02-09 05:31:14 -05:00
|
|
|
-- Security policies for tenants table --
|
|
|
|
|
2023-02-08 05:58:45 -05:00
|
|
|
revoke all privileges
|
|
|
|
on table tenants
|
|
|
|
from logto_tenant_${database};
|
|
|
|
|
2023-03-08 06:16:42 -05:00
|
|
|
/* Allow limited select to perform the RLS policy query in `after_each` (using select ... from tenants ...) */
|
2023-02-09 05:31:14 -05:00
|
|
|
grant select (id, db_user)
|
|
|
|
on table tenants
|
|
|
|
to logto_tenant_${database};
|
|
|
|
|
|
|
|
alter table tenants enable row level security;
|
|
|
|
|
|
|
|
/* Create RLS policy to minimize the privilege */
|
|
|
|
create policy tenants_tenant_id on tenants
|
|
|
|
using (db_user = current_user);
|
|
|
|
|
|
|
|
-- End --
|
|
|
|
|
|
|
|
/* Revoke all privileges on systems table for tenant roles */
|
2023-02-08 05:58:45 -05:00
|
|
|
revoke all privileges
|
|
|
|
on table systems
|
|
|
|
from logto_tenant_${database};
|