From b85a8ffa2c40f85f60fefa84105e925a163926ce Mon Sep 17 00:00:00 2001 From: Karl Levik Date: Mon, 20 Jan 2020 13:30:51 +0000 Subject: [PATCH] New role for importing data --- build.sh | 1 + grants/ispyb_import.sql | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 grants/ispyb_import.sql diff --git a/build.sh b/build.sh index 814cb906..938e42f9 100755 --- a/build.sh +++ b/build.sh @@ -27,6 +27,7 @@ then mysql --defaults-file=.my.cnf -D $db < grants/ispyb_acquisition.sql mysql --defaults-file=.my.cnf -D $db < grants/ispyb_processing.sql mysql --defaults-file=.my.cnf -D $db < grants/ispyb_web.sql + mysql --defaults-file=.my.cnf -D $db < grants/ispyb_import.sql # Verify that all update .sql files have been run, if not exit with message all_sql_files=`cd schema/updates && ls *.sql && cd ../..` diff --git a/grants/ispyb_import.sql b/grants/ispyb_import.sql new file mode 100644 index 00000000..176c5961 --- /dev/null +++ b/grants/ispyb_import.sql @@ -0,0 +1,15 @@ +-- Create the import application role. +CREATE ROLE IF NOT EXISTS ispyb_import; + +-- You must also create a database user and grant this role to them, e.g. +-- CREATE USER ispyb_uo@'%' IDENTIFIED BY 'the_uo_password'; +-- GRANT ispyb_import TO ispyb_uo@'%'; +-- SET DEFAULT ROLE ispyb_import FOR ispyb_uo@'%'; + +-- Grants for ispyb_processing +GRANT SELECT ON AdminVar TO 'ispyb_import'; -- Hack TO allow ispyb_import to connect through MaxScale +GRANT EXECUTE ON PROCEDURE retrieve_container_for_barcode TO 'ispyb_import'; +GRANT EXECUTE ON PROCEDURE retrieve_container_for_inspection_id TO 'ispyb_import'; +GRANT EXECUTE ON PROCEDURE retrieve_sample_for_container_id_and_location TO 'ispyb_import'; +GRANT EXECUTE ON PROCEDURE upsert_sample_image TO 'ispyb_import'; +GRANT EXECUTE ON PROCEDURE upsert_sample_image_auto_score TO 'ispyb_import';