~launchpad-pqm/launchpad/devel


Viewing changes to database/schema/security.cfg

  • Committer: Canonical.com Patch Queue Manager
  • Date: 2005-03-24 05:50:42 UTC
  • mfrom: (unknown (missing))
  • Revision ID: Arch-1:rocketfuel@canonical.com%launchpad--devel--0--patch-1489
Review and fix database security update code
Patches applied:

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-223
   Merge from Rocketfuel

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-224
   Permissions on BountySubscription

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-225
   Remove noise

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-226
   Add command line to security.py for debug work

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-227
   Oops... shouldn't have committed change to security.cfg

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-228
   Ensure group membership is reset between runs

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-229
   Handle 'database does not exist' error caused by interrupting a previous test run at the wrong time

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-230
   Dev environment should connect as the correct PostgreSQL user

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-231
   Launchpad needs DELETE on EmailAddress

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-232
   Don't drop groups since they are global to the cluster - just remove all the users we care about instead

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-233
   'read' and 'admin' groups now automatically maintained

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-234
   Raise an exception if we have no security settings for a table or view

 * stuart.bishop@canonical.com/launchpad--devel--1--patch-235
   Pull dbhost/dbuser code -- need to support PQM

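--- a/database/schema/security.cfg
+++ b/database/schema/security.cfg
@@ -16,16 +16,21 @@
 public.valid_version(text)              = EXECUTE
 public.valid_cve(text)                  = EXECUTE
 public.sha1(text)                       = EXECUTE
+public.you_are_your_own_member()        = EXECUTE
+public.plpgsql_call_handler()           =
+public.plpython_call_handler()          =
 
 [launchpad]
 # The main Z3 application
 type=user
 groups=write
+public.bountysubscription               = SELECT, INSERT, UPDATE
+public.emailaddress                     = SELECT, INSERT, UPDATE, DELETE
+public.distrobounty                     = SELECT, INSERT, UPDATE
 public.logintoken                       = SELECT, INSERT, UPDATE, DELETE
 public.personlanguage                   = SELECT, INSERT, UPDATE, DELETE
 public.productbounty                    = SELECT, INSERT, UPDATE
 public.projectbounty                    = SELECT, INSERT, UPDATE
-public.distrobounty                     = SELECT, INSERT, UPDATE
 
 [librarian]
 # The librarian only needs access to two tables, which is has exclusive
@@ -73,6 +78,14 @@
 groups=write
 #public.pushmirroraccess                 = SELECT, INSERT, UPDATE
 
+[bob]
+type=user
+
+[fiera]
+type=user
+public.buildqueue                       = SELECT, INSERT, UPDATE, DELETE
+
+
 [write]
 type=group
 # Full access except for tables that are exclusively updated by
@@ -203,264 +216,12 @@
 public.vsourcepackagereleasepublishing  = SELECT
 public.wikiname                         = SELECT, INSERT, UPDATE
 
-[read]
+# This group is now created automatically
 # Readonly access to everything
-type=group
-public.archarchive                      = SELECT
-public.archarchivelocation              = SELECT
-public.archarchivelocationsigner        = SELECT
-public.archconfig                       = SELECT
-public.archconfigentry                  = SELECT
-public.archnamespace                    = SELECT
-public.archuserid                       = SELECT
-public.binarypackage                    = SELECT
-public.binarypackagefile                = SELECT
-public.binarypackagefilepublishing      = SELECT
-public.binarypackagename                = SELECT
-public.binarypackagepublishingview      = SELECT
-public.bounty                           = SELECT
-public.branch                           = SELECT
-public.branchlabel                      = SELECT
-public.branchrelationship               = SELECT
-public.bug                              = SELECT
-public.bugactivity                      = SELECT
-public.bugattachment                    = SELECT
-public.bugexternalref                   = SELECT
-public.buglabel                         = SELECT
-public.bugmessage                       = SELECT
-public.bugpackageinfestation            = SELECT
-public.bugproductinfestation            = SELECT
-public.bugrelationship                  = SELECT
-public.bugsubscription                  = SELECT
-public.bugtask                          = SELECT
-public.bugtracker                       = SELECT
-public.bugtrackertype                   = SELECT
-public.bugwatch                         = SELECT
-public.build                            = SELECT
-public.builder                          = SELECT
-public.changeset                        = SELECT
-public.changesetfile                    = SELECT
-public.changesetfilehash                = SELECT
-public.changesetfilename                = SELECT
-public.component                        = SELECT
-public.componentselection               = SELECT
-public.country                          = SELECT
-public.cveref                           = SELECT
-public.distribution                     = SELECT
-public.distroarchrelease                = SELECT
-public.distrorelease                    = SELECT
-public.distroreleasequeue               = SELECT
-public.distroreleasequeuebuild          = SELECT
-public.distroreleasequeuesource         = SELECT
-public.emailaddress                     = SELECT
-public.gpgkey                           = SELECT
-public.ircid                            = SELECT
-public.jabberid                         = SELECT
-public.karma                            = SELECT
-public.label                            = SELECT
-public.language                         = SELECT
-public.launchpaddatabaserevision        = SELECT
-public.libraryfilealias                 = SELECT
-public.libraryfilecontent               = SELECT
-public.license                          = SELECT
-public.logintoken                       = SELECT
-public.manifest                         = SELECT
-public.manifestentry                    = SELECT
-public.mirror                           = SELECT
-public.mirrorcontent                    = SELECT
-public.mirrorsourcecontent              = SELECT
-public.teammembership                   = SELECT
-public.message                          = SELECT
-public.milestone                        = SELECT
-public.osfile                           = SELECT
-public.osfileinpackage                  = SELECT
-public.packagepublishing                = SELECT
-public.packageselection                 = SELECT
-public.packaging                        = SELECT
-public.person                           = SELECT
-public.personlabel                      = SELECT
-public.personlanguage                   = SELECT
-public.pocomment                        = SELECT
-public.pofile                           = SELECT
-public.pomsgid                          = SELECT
-public.pomsgidsighting                  = SELECT
-public.pomsgset                         = SELECT
-public.posubscription                   = SELECT
-public.potemplate                       = SELECT
-public.potemplatename                   = SELECT
-public.potmsgset                        = SELECT
-public.potranslation                    = SELECT
-public.potranslationsighting            = SELECT
-public.processor                        = SELECT
-public.processorfamily                  = SELECT
-public.product                          = SELECT
-public.productbkbranch                  = SELECT
-public.productbranchrelationship        = SELECT
-public.productbugassignment             = SELECT
-public.productcvsmodule                 = SELECT
-public.productlabel                     = SELECT
-public.productrelease                   = SELECT
-public.productreleasefile               = SELECT
-public.productseries                    = SELECT
-public.productsvnmodule                 = SELECT
-public.project                          = SELECT
-public.projectbugtracker                = SELECT
-public.projectrelationship              = SELECT
-public.publishedpackageview             = SELECT
-public.pushmirroraccess                 = SELECT
-public.schema                           = SELECT
-public.section                          = SELECT
-public.sectionselection                 = SELECT
-public.signedcodeofconduct              = SELECT
-public.sourcepackage                    = SELECT
-public.sourcepackagebugassignment       = SELECT
-public.sourcepackagefilepublishing      = SELECT
-public.sourcepackage                    = SELECT
-public.sourcepackagebugassignment       = SELECT
-public.sourcepackagefilepublishing      = SELECT
-public.sourcepackagelabel               = SELECT
-public.sourcepackagename                = SELECT
-public.sourcepackagepublishing          = SELECT
-public.sourcepackagepublishingview      = SELECT
-public.sourcepackagerelationship        = SELECT
-public.sourcepackagerelease             = SELECT
-public.sourcepackagereleasefile         = SELECT
-public.sourcesource                     = SELECT
-public.spokenin                         = SELECT
-public.sshkey                           = SELECT
-public.teamparticipation                = SELECT
-public.translationeffort                = SELECT
-public.translationeffortpotemplate      = SELECT
-public.vsourcepackageindistro           = SELECT
-public.vsourcepackagereleasepublishing  = SELECT
-public.wikiname                         = SELECT
+#[read]
+#type=group
 
-[admin]
+# This group is now created automatically
 # Full access to everything.
-# TODO: This should be done automatically. StuartBishop 2005-02-07
-type=group
-public.archarchive                      = ALL
-public.archarchivelocation              = ALL
-public.archarchivelocationsigner        = ALL
-public.archconfig                       = ALL
-public.archconfigentry                  = ALL
-public.archnamespace                    = ALL
-public.archuserid                       = ALL
-public.binarypackage                    = ALL
-public.binarypackagefile                = ALL
-public.binarypackagefilepublishing      = ALL
-public.binarypackagename                = ALL
-public.binarypackagepublishingview      = ALL
-public.bounty                           = ALL
-public.branch                           = ALL
-public.branchlabel                      = ALL
-public.branchrelationship               = ALL
-public.bug                              = ALL
-public.bugactivity                      = ALL
-public.bugattachment                    = ALL
-public.bugexternalref                   = ALL
-public.buglabel                         = ALL
-public.bugmessage                       = ALL
-public.bugpackageinfestation            = ALL
-public.bugproductinfestation            = ALL
-public.bugrelationship                  = ALL
-public.bugsubscription                  = ALL
-public.bugtask                          = ALL
-public.bugtracker                       = ALL
-public.bugtrackertype                   = ALL
-public.bugwatch                         = ALL
-public.build                            = ALL
-public.builder                          = ALL
-public.changeset                        = ALL
-public.changesetfile                    = ALL
-public.changesetfilehash                = ALL
-public.changesetfilename                = ALL
-public.component                        = ALL
-public.componentselection               = ALL
-public.country                          = ALL
-public.cveref                           = ALL
-public.distribution                     = ALL
-public.distroarchrelease                = ALL
-public.distrorelease                    = ALL
-public.distroreleasequeue               = ALL
-public.distroreleasequeuebuild          = ALL
-public.distroreleasequeuesource         = ALL
-public.emailaddress                     = ALL
-public.gpgkey                           = ALL
-public.ircid                            = ALL
-public.jabberid                         = ALL
-public.karma                            = ALL
-public.label                            = ALL
-public.language                         = ALL
-public.launchpaddatabaserevision        = ALL
-public.libraryfilealias                 = ALL
-public.libraryfilecontent               = ALL
-public.license                          = ALL
-public.logintoken                       = ALL
-public.manifest                         = ALL
-public.manifestentry                    = ALL
-public.mirror                           = ALL
-public.mirrorcontent                    = ALL
-public.mirrorsourcecontent              = ALL
-public.teammembership                   = ALL
-public.message                          = ALL
-public.milestone                        = ALL
-public.osfile                           = ALL
-public.osfileinpackage                  = ALL
-public.packagepublishing                = ALL
-public.packageselection                 = ALL
-public.packaging                        = ALL
-public.person                           = ALL
-public.personlabel                      = ALL
-public.personlanguage                   = ALL
-public.pocomment                        = ALL
-public.pofile                           = ALL
-public.pomsgid                          = ALL
-public.pomsgidsighting                  = ALL
-public.pomsgset                         = ALL
-public.posubscription                   = ALL
-public.potemplate                       = ALL
-public.potemplatename                   = ALL
-public.potmsgset                        = ALL
-public.potranslation                    = ALL
-public.potranslationsighting            = ALL
-public.processor                        = ALL
-public.processorfamily                  = ALL
-public.product                          = ALL
-public.productbkbranch                  = ALL
-public.productbranchrelationship        = ALL
-public.productbugassignment             = ALL
-public.productcvsmodule                 = ALL
-public.productlabel                     = ALL
-public.productrelease                   = ALL
-public.productreleasefile               = ALL
-public.productseries                    = ALL
-public.productsvnmodule                 = ALL
-public.project                          = ALL
-public.projectbugtracker                = ALL
-public.projectrelationship              = ALL
-public.publishedpackageview             = ALL
-public.pushmirroraccess                 = ALL
-public.schema                           = ALL
-public.section                          = ALL
-public.sectionselection                 = ALL
-public.signedcodeofconduct              = ALL
-public.sourcepackage                    = ALL
-public.sourcepackagebugassignment       = ALL
-public.sourcepackagefilepublishing      = ALL
-public.sourcepackagelabel               = ALL
-public.sourcepackagename                = ALL
-public.sourcepackagepublishing          = ALL
-public.sourcepackagepublishingview      = ALL
-public.sourcepackagerelationship        = ALL
-public.sourcepackagerelease             = ALL
-public.sourcepackagereleasefile         = ALL
-public.sourcesource                     = ALL
-public.spokenin                         = ALL
-public.sshkey                           = ALL
-public.teamparticipation                = ALL
-public.translationeffort                = ALL
-public.translationeffortpotemplate      = ALL
-public.vsourcepackageindistro           = ALL
-public.vsourcepackagereleasepublishing  = ALL
-public.wikiname                         = ALL
+# [admin]
+# type=group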
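Review bot: The replacement comment `# This group is now created automatically` (new lines 219 and 224) names neither the group nor the rule that generates its grants, so after this change the file no longer shows what `read` and `admin` can reach. The removed `[read]` list covered tables such as `public.logintoken` and `public.emailaddress`; if the generator grants on every table, as the kept `# Readonly access to everything` line suggests, a table added later would become readable by `read` and fully open to `admin` with no edit here. The generator is not part of this diff (presumably security.py, going by the commit message), so that needs confirming. I would replace the commented-out `#[read]` / `#type=group` and `# [admin]` / `# type=group` leftovers with one line per group, along the lines of `# 'read' group: maintained automatically; SELECT on every table, do not list tables here`, and state there whether a table can be excluded. The `[bob]` and `[fiera]` sections added in the second hunk also lack the purpose comment that `[launchpad]` has, and `[fiera]` receives DELETE on `public.buildqueue` without a stated reason.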