1 changed files with 156 additions and 31 deletions
@ -1,39 +1,164 @@ |
|||||
|
DROP USER IF EXISTS 'flavoursSimpleUser'@'localhost'; |
||||
|
DROP USER IF EXISTS 'flavoursSimpleUser'@'%'; |
||||
|
DROP USER IF EXISTS 'flavoursModerator'@'localhost'; |
||||
|
DROP USER IF EXISTS 'flavoursModerator'@'%'; |
||||
|
DROP USER IF EXISTS 'flavoursOwner'@'localhost'; |
||||
|
DROP USER IF EXISTS 'flavoursOwner'@'%'; |
||||
|
FLUSH PRIVILEGES; |
||||
|
|
||||
# Simple users of the application (aka customers) |
# Simple users of the application (aka customers) |
||||
CREATE USER 'user'@'localhost' IDENTIFIED BY 'userPasswd'; |
CREATE USER 'flavoursSimpleUser'@'localhost' IDENTIFIED BY 'flavoursSimpleUserPasswd'; |
||||
CREATE USER 'user'@'%' IDENTIFIED BY 'userPasswd'; |
CREATE USER 'flavoursSimpleUser'@'%' IDENTIFIED BY 'flavoursSimpleUserPasswd'; |
||||
|
|
||||
# Users can access, add and update rows for all the tables |
# Customers should not be able to access the columns that indicate whether a restaurant/food/drink/diet is approved or not |
||||
GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'localhost'; |
# we need to grant column-based privileges on these tables |
||||
GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'%'; |
GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`, |
||||
# except the columns that indicate whether a restaurant/food/drink/diet is approved or not |
`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`) |
||||
REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'localhost'; |
ON flavours_without_borders.restaurant TO 'flavoursSimpleUser'@'localhost'; |
||||
REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'%'; |
GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`, |
||||
REVOKE SELECT, INSERT, UPDATE (food_is_approved) ON flavours_without_borders.food FROM 'user'@'localhost'; |
`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`) |
||||
REVOKE SELECT, INSERT, UPDATE (food_is_approved) ON flavours_without_borders.food FROM 'user'@'%'; |
ON flavours_without_borders.restaurant TO 'flavoursSimpleUser'@'%'; |
||||
REVOKE SELECT, INSERT, UPDATE (drink_is_approved) ON flavours_without_borders.drink FROM 'user'@'localhost'; |
|
||||
REVOKE SELECT, INSERT, UPDATE (drink_is_approved) ON flavours_without_borders.drink FROM 'user'@'%'; |
GRANT SELECT, INSERT, UPDATE (`food_id`, `food_name`, `food_description`, `food_calories`, `restaurant_id`) |
||||
REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'localhost'; |
ON flavours_without_borders.food TO 'flavoursSimpleUser'@'localhost'; |
||||
REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'%'; |
GRANT SELECT, INSERT, UPDATE (`food_id`, `food_name`, `food_description`, `food_calories`, `restaurant_id`) |
||||
|
ON flavours_without_borders.food TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE (`drink_id`, `drink_name`, `drink_description`, `drink_has_alcohol`, `restaurant_id`) |
||||
|
ON flavours_without_borders.drink TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE (`drink_id`, `drink_name`, `drink_description`, `drink_has_alcohol`, `restaurant_id`) |
||||
|
ON flavours_without_borders.drink TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`) |
||||
|
ON flavours_without_borders.diet TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`) |
||||
|
ON flavours_without_borders.diet TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
# Users can alter the rows of all other tables, except those implementing the role based access system |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursSimpleUser'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursSimpleUser'@'%'; |
||||
|
|
||||
# Moderators |
# Moderators |
||||
CREATE USER 'moderator'@'localhost' IDENTIFIED BY 'moderatorPasswd'; |
CREATE USER 'flavoursModerator'@'localhost' IDENTIFIED BY 'flavoursModeratorPasswd'; |
||||
CREATE USER 'moderator'@'%' IDENTIFIED BY 'moderatorPasswd'; |
CREATE USER 'flavoursModerator'@'%' IDENTIFIED BY 'flavoursModeratorPasswd'; |
||||
|
|
||||
|
# Mods have elevated privileges for all other tables, except those implementing the role based access system |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
# Mods have elevated privileges |
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursModerator'@'localhost'; |
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON flavours_without_borders.* TO 'moderator'@'localhost'; |
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursModerator'@'%'; |
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON flavours_without_borders.* TO 'moderator'@'%'; |
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`ingredient` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`ingredient` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`restaurant` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`restaurant` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursModerator'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursModerator'@'%'; |
||||
|
|
||||
# Owners of restaurants or other stuff (cooks etc.) |
# Owners of restaurants or other stuff (cooks etc.) |
||||
CREATE USER 'owner'@'localhost' IDENTIFIED BY 'ownerPasswd'; |
CREATE USER 'flavoursOwner'@'localhost' IDENTIFIED BY 'flavoursOwnerPasswd'; |
||||
CREATE USER 'owner'@'%' IDENTIFIED BY 'ownerPasswd'; |
CREATE USER 'flavoursOwner'@'%' IDENTIFIED BY 'flavoursOwnerPasswd'; |
||||
|
|
||||
# Owners can access, add and update rows for all the tables |
# Owners should not be able to access the columns that indicate whether a restaurant/diet is approved or not |
||||
GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'localhost'; |
# we need to grant column-based privileges on these tables |
||||
GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'%'; |
GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`, |
||||
# except the columns that indicate whether a restaurant/diet is approved or not |
`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`) |
||||
REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'localhost'; |
ON flavours_without_borders.restaurant TO 'flavoursOwner'@'localhost'; |
||||
REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'%'; |
GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`, |
||||
REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'localhost'; |
`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`) |
||||
REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'%'; |
ON flavours_without_borders.restaurant TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`) |
||||
|
ON flavours_without_borders.diet TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`) |
||||
|
ON flavours_without_borders.diet TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
# Owners can alter the rows of all other tables, except those implementing the role based access system |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursOwner'@'localhost'; |
||||
|
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursOwner'@'%'; |
||||
|
|
||||
# They can however view and alter the columns that indicate whether a food/drink is approved or not! |
# They can however view and alter the columns that indicate whether a food/drink is approved or not! |
||||
Loading…
Reference in new issue