more newgrants fixes.

mostly works now.

only problem is that londiste_writer needs to be
superuser because of session_replication_role.
That can be fixed with secdef function, but that
means code needs to be installed separately.

diff --git a/sql/londiste/structure/grants.ini b/sql/londiste/structure/grants.ini
index df88dacca7319b843362546bcc6b285767d1f37b..ca2a37650faa776a5f7000a7b0a2824f8a9f6912 100644 (file)
--- a/sql/londiste/structure/grants.ini
+++ b/sql/londiste/structure/grants.ini
@@ -1,13 +1,13 @@
 
 [GrantFu]
 # roles that we maintain in this file
-roles = londiste_writer, londiste_reader, public
+roles = londiste_writer, londiste_reader, public, pgq_admin
 
 
 [1.tables]
 on.tables = londiste.table_info, londiste.seq_info, londiste.pending_fkeys, londiste.applied_execute
 
-londiste_writer = select, insert, update, delete
+pgq_admin = select, insert, update, delete
 londiste_reader = select
 
 # backwards compat, should be dropped?
@@ -25,10 +25,20 @@ londiste_reader = execute
 londiste_writer = execute
 
 
-[3.local.node]
+[4.local.node]
 on.functions = %(londiste_local_fns)s, %(londiste_internal_fns)s
 londiste_writer = execute
 
+[5.seqs]
+londiste_writer = usage
+on.sequences =
+       londiste.table_info_nr_seq,
+       londiste.seq_info_nr_seq
+
+[6.maint]
+pgq_admin = execute
+on.functions = londiste.periodic_maintenance()
+
 
 # define various groups of functions
 [DEFAULT]
@@ -86,5 +96,7 @@ londiste_local_fns =
        londiste.drop_table_triggers(text, text),
        londiste.table_info_trigger(),
        londiste.create_partition(text, text, text, text, timestamptz, text),
-       londiste.drop_obsolete_partitions (text, interval, text)
+       londiste.drop_obsolete_partitions (text, interval, text),
+       londiste.create_trigger(text,text,text[],text,text)
+
 

diff --git a/sql/pgq/structure/grants.ini b/sql/pgq/structure/grants.ini
index 451695da317c5ca1a805955039b7d0c02ba6d18c..f44aebccc81c3a2f907f484ae22ad11c4a30dc6e 100644 (file)
--- a/sql/pgq/structure/grants.ini
+++ b/sql/pgq/structure/grants.ini
@@ -28,12 +28,20 @@ pgq_reader = select
 public = select
 
 [5.event.tables]
-on.tables = pgq.event_template, pgq.retry_queue
+on.tables = pgq.event_template
 pgq_reader = select
 
 # drop public access to events
 public =
 
+[6.retry.event]
+on.tables = pgq.retry_queue
+pgq_reader = select
+pgq_admin = select, insert, update, delete
+
+# drop public access to events
+public =
+
 
 #
 # define various groups of functions

diff --git a/sql/pgq_node/structure/grants.ini b/sql/pgq_node/structure/grants.ini
index d1cc45586d6c9786ee17488a4befe21df2946156..7c364fbbf47bb8fcc91fb64f5d53a8865e06d693 100644 (file)
--- a/sql/pgq_node/structure/grants.ini
+++ b/sql/pgq_node/structure/grants.ini
@@ -28,10 +28,22 @@ pgq_admin = execute
 on.functions = %(pgq_node_admin_fns)s
 pgq_admin = execute
 
+[5.tables]
+pgq_reader = select
+pgq_writer = select
+pgq_admin = select, insert, update, delete
+on.tables =
+       pgq_node.node_location,
+       pgq_node.node_info,
+       pgq_node.local_state,
+       pgq_node.subscriber_info
+
 # define various groups of functions
 [DEFAULT]
 
 pgq_node_remote_fns =
+       pgq_node.get_consumer_info(text),
+       pgq_node.get_consumer_state(text, text),
        pgq_node.get_queue_locations(text),
        pgq_node.get_node_info(text),
        pgq_node.get_subscriber_info(text),
@@ -49,8 +61,6 @@ pgq_node_admin_fns =
        pgq_node.maint_watermark(text)
 
 pgq_node_consumer_fns =
-       pgq_node.get_consumer_info(text),
-       pgq_node.get_consumer_state(text, text),
        pgq_node.register_consumer(text, text, text, int8),
        pgq_node.unregister_consumer(text, text),
        pgq_node.change_consumer_provider(text, text, text),