Commit 9c1a4147 authored by Micaël Bergeron's avatar Micaël Bergeron

fix the USAGE grant to be on the SCHEMA

parent 0ebbb663
......@@ -160,12 +160,16 @@ def ensure_schema_exists(db_conn, schema_name):
create_schema = psycopg2.sql.SQL("CREATE SCHEMA IF NOT EXISTS {}").format(schema_identifier)
cursor.execute(create_schema)
for group_identifier in map(psycopg2.sql.Identifier, ("readonly", "analytics")):
grant_usage_schema = psycopg2.sql.SQL("ALTER DEFAULT PRIVILEGES IN SCHEMA {} GRANT USAGE ON TABLES TO {}").format(schema_identifier, group_identifier)
grant_select_schema = psycopg2.sql.SQL("ALTER DEFAULT PRIVILEGES IN SCHEMA {} GRANT SELECT ON TABLES TO {}").format(schema_identifier, group_identifier)
group_identifiers = psycopg2.sql.SQL(",").join(
map(psycopg2.sql.Identifier, ("readonly", "analytics"))
)
grant_select_schema = psycopg2.sql.SQL("ALTER DEFAULT PRIVILEGES IN SCHEMA {} GRANT SELECT ON TABLES TO {}").format(schema_identifier, group_identifiers)
grant_usage_schema = psycopg2.sql.SQL("GRANT USAGE ON SCHEMA {} TO {}").format(schema_identifier, group_identifiers)
cursor.execute(grant_usage_schema)
cursor.execute(grant_select_schema)
cursor.execute(grant_select_schema)
cursor.execute(grant_usage_schema)
db_conn.commit()
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment