fix(infra): grant audit roles to current_user, not hardcoded portal #60
@@ -41,8 +41,17 @@ ALTER DEFAULT PRIVILEGES FOR ROLE audit_owner IN SCHEMA audit
|
||||
GRANT DELETE ON TABLES TO audit_archiver;
|
||||
|
||||
-- ---------------------------------------------------------------- Dev convenience
|
||||
-- The default `portal` superuser bypasses these grants anyway, but
|
||||
-- granting the audit roles explicitly lets us test role-based access
|
||||
-- with `SET ROLE audit_writer;` etc. from a psql session against the
|
||||
-- dev DB. Production never grants all four to one user.
|
||||
GRANT audit_owner, audit_writer, audit_reader, audit_archiver TO portal;
|
||||
-- The dev superuser (created by Postgres from POSTGRES_USER, default
|
||||
-- `portal` but overridable in infra/local/.env) bypasses these grants
|
||||
-- anyway, but granting the audit roles explicitly lets us test
|
||||
-- role-based access with `SET ROLE audit_writer;` etc. from a psql
|
||||
-- session against the dev DB.
|
||||
--
|
||||
-- `current_user` resolves at script execution time to whoever is
|
||||
-- running the init SQL — i.e. the superuser created from POSTGRES_USER,
|
||||
-- whatever its name happens to be. Hard-coding `portal` here was
|
||||
-- wrong: it broke any setup where the contributor changed
|
||||
-- POSTGRES_USER in their .env.
|
||||
--
|
||||
-- Production never grants all four roles to one user.
|
||||
GRANT audit_owner, audit_writer, audit_reader, audit_archiver TO current_user;
|
||||
|
||||
Reference in New Issue
Block a user