logto/packages/schemas/tables/_after_all.sql

/* This SQL will run after all other queries. */

---- Grant CRUD access to the group ----
grant select, insert, update, delete
  on all tables
  in schema public
  to logto_tenant_${database};

---- Security policies for tenants table ----

revoke all privileges
  on table tenants
  from logto_tenant_${database};

-- Allow limited select to perform the RLS policy query in `after_each` (using select ... from tenants ...)
grant select (id, db_user, is_suspended)
  on table tenants
  to logto_tenant_${database};

alter table tenants enable row level security;

-- Create RLS policy to minimize the privilege
create policy tenants_tenant_id on tenants
  using (db_user = current_user);

---- Revoke all privileges on systems table for tenant roles ----
revoke all privileges
  on table systems
  from logto_tenant_${database};

---- Revoke all privileges on service_logs table for tenant roles ----
revoke all privileges
  on table service_logs
  from logto_tenant_${database};
refactor: use RLS 2023-02-08 05:58:45 -05:00			`/* This SQL will run after all other queries. */`

refactor: hide internal roles for user tenants introduce internal roles which name starts with #internal: with RLS policies to make them read-only. 2023-03-08 11:07:33 -05:00			`---- Grant CRUD access to the group ----`
refactor: use RLS 2023-02-08 05:58:45 -05:00			`grant select, insert, update, delete`
			`on all tables`
			`in schema public`
			`to logto_tenant_${database};`

refactor: hide internal roles for user tenants introduce internal roles which name starts with #internal: with RLS policies to make them read-only. 2023-03-08 11:07:33 -05:00			`---- Security policies for tenants table ----`
refactor: fix alteration 2023-02-09 05:31:14 -05:00
refactor: use RLS 2023-02-08 05:58:45 -05:00			`revoke all privileges`
			`on table tenants`
			`from logto_tenant_${database};`

refactor: hide internal roles for user tenants introduce internal roles which name starts with #internal: with RLS policies to make them read-only. 2023-03-08 11:07:33 -05:00			-- Allow limited select to perform the RLS policy query in `after_each` (using select ... from tenants ...)
refactor(core,schemas): remove cloudConnection call in koaTenantGuard (#5395) remove cloudConnection dependency in the koaTenantGuard 2024-02-18 21:45:57 -05:00			`grant select (id, db_user, is_suspended)`
refactor: fix alteration 2023-02-09 05:31:14 -05:00			`on table tenants`
			`to logto_tenant_${database};`

			`alter table tenants enable row level security;`

refactor: hide internal roles for user tenants introduce internal roles which name starts with #internal: with RLS policies to make them read-only. 2023-03-08 11:07:33 -05:00			`-- Create RLS policy to minimize the privilege`
refactor: fix alteration 2023-02-09 05:31:14 -05:00			`create policy tenants_tenant_id on tenants`
			`using (db_user = current_user);`

refactor: hide internal roles for user tenants introduce internal roles which name starts with #internal: with RLS policies to make them read-only. 2023-03-08 11:07:33 -05:00			`---- Revoke all privileges on systems table for tenant roles ----`
refactor: use RLS 2023-02-08 05:58:45 -05:00			`revoke all privileges`
			`on table systems`
			`from logto_tenant_${database};`
refactor: hide internal roles for user tenants introduce internal roles which name starts with #internal: with RLS policies to make them read-only. 2023-03-08 11:07:33 -05:00
feat(schemas): add service logs table (#3390) 2023-03-14 02:15:45 -05:00			`---- Revoke all privileges on service_logs table for tenant roles ----`
			`revoke all privileges`
			`on table service_logs`
			`from logto_tenant_${database};`