-
Notifications
You must be signed in to change notification settings - Fork 32
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Ariana Barzinpour
committed
Dec 23, 2024
1 parent
079f2c5
commit 27c5106
Showing
5 changed files
with
52 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
cubedash/summary/roles/postgis/10-prereq-datacube-user.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
|
|
||
| -- | ||
| -- This is a stand-alone copy of the built-in datacube odc_user role. | ||
| -- | ||
| -- It's built-in to datacube but optional: | ||
| -- https://github.com/opendatacube/datacube-core/blob/1353bde7e2cc0bb095b53a60351fd5c301d1b3c4/datacube/drivers/postgres/_core.py#L118-L120 | ||
| -- | ||
| -- You do not need to run this file if you already use datacube's | ||
| -- default roles. | ||
| -- | ||
| -- Explorer is a datacube user, and so its roles extend odc_user. | ||
| -- | ||
| begin; | ||
|
|
||
| create role odc_user nologin inherit; | ||
| comment on role odc_user is 'Default read-only datacube user role'; | ||
| grant usage on schema odc to odc_user; | ||
| grant select on all tables in schema odc to odc_user; | ||
| grant execute on function odc.common_timestamp(TEXT) to odc_user; | ||
|
|
||
| commit; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
|
|
||
| -- | ||
| -- Create the three Explorer roles. | ||
| -- | ||
| -- This can be run on an existing host if adding the roles for the first time. | ||
| -- | ||
| begin; | ||
|
|
||
| ----- Explorer Viewer ----- | ||
| -- A read-only user of datacube and explorer | ||
| -- (Suitable for Web interface, cli commands) | ||
| create user explorer_viewer inherit in role odc_user; | ||
| comment on role explorer_viewer is 'Explorer read-only viewer'; | ||
| grant usage on schema cubedash to explorer_viewer; | ||
| grant select on all tables in schema cubedash to explorer_viewer; | ||
|
|
||
| ----- Explorer Generator ----- | ||
| -- Suitable for generating and updating summaries | ||
| -- (ie. Running `cubedash-gen`) | ||
| create user explorer_generator inherit in role explorer_viewer; | ||
| comment on role explorer_generator is 'Explorer data summariser (for running cubedash-gen)'; | ||
|
|
||
| ----- Explorer Owner ----- | ||
| -- For creating and updating the schema. | ||
| -- (ie. Running `cubedash-gen --init`) | ||
| create user explorer_owner inherit in role explorer_generator; | ||
| comment on role explorer_owner is 'Explorer schema creator and updater'; | ||
|
|
||
| commit; |
File renamed without changes.
File renamed without changes.