0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
logto/packages/schemas/tables/_after_all.sql
Gao Sun 38811e1099
refactor: remove internal role policies (#5904)
* refactor: remove internal role policies

* refactor: remove unused tests
2024-05-21 21:44:24 +08:00

34 lines
981 B
SQL

/* This SQL will run after all other queries. */
---- Grant CRUD access to the group ----
grant select, insert, update, delete
on all tables
in schema public
to logto_tenant_${database};
---- Security policies for tenants table ----
revoke all privileges
on table tenants
from logto_tenant_${database};
-- Allow limited select to perform the RLS policy query in `after_each` (using select ... from tenants ...)
grant select (id, db_user, is_suspended)
on table tenants
to logto_tenant_${database};
alter table tenants enable row level security;
-- Create RLS policy to minimize the privilege
create policy tenants_tenant_id on tenants
using (db_user = current_user);
---- Revoke all privileges on systems table for tenant roles ----
revoke all privileges
on table systems
from logto_tenant_${database};
---- Revoke all privileges on service_logs table for tenant roles ----
revoke all privileges
on table service_logs
from logto_tenant_${database};