1 changed files with 156 additions and 31 deletions
@ -1,39 +1,164 @@ |
|||
DROP USER IF EXISTS 'flavoursSimpleUser'@'localhost'; |
|||
DROP USER IF EXISTS 'flavoursSimpleUser'@'%'; |
|||
DROP USER IF EXISTS 'flavoursModerator'@'localhost'; |
|||
DROP USER IF EXISTS 'flavoursModerator'@'%'; |
|||
DROP USER IF EXISTS 'flavoursOwner'@'localhost'; |
|||
DROP USER IF EXISTS 'flavoursOwner'@'%'; |
|||
FLUSH PRIVILEGES; |
|||
|
|||
# Simple users of the application (aka customers) |
|||
CREATE USER 'user'@'localhost' IDENTIFIED BY 'userPasswd'; |
|||
CREATE USER 'user'@'%' IDENTIFIED BY 'userPasswd'; |
|||
|
|||
# Users can access, add and update rows for all the tables |
|||
GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'%'; |
|||
# except the columns that indicate whether a restaurant/food/drink/diet is approved or not |
|||
REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'localhost'; |
|||
REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'%'; |
|||
REVOKE SELECT, INSERT, UPDATE (food_is_approved) ON flavours_without_borders.food FROM 'user'@'localhost'; |
|||
REVOKE SELECT, INSERT, UPDATE (food_is_approved) ON flavours_without_borders.food FROM 'user'@'%'; |
|||
REVOKE SELECT, INSERT, UPDATE (drink_is_approved) ON flavours_without_borders.drink FROM 'user'@'localhost'; |
|||
REVOKE SELECT, INSERT, UPDATE (drink_is_approved) ON flavours_without_borders.drink FROM 'user'@'%'; |
|||
REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'localhost'; |
|||
REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'%'; |
|||
CREATE USER 'flavoursSimpleUser'@'localhost' IDENTIFIED BY 'flavoursSimpleUserPasswd'; |
|||
CREATE USER 'flavoursSimpleUser'@'%' IDENTIFIED BY 'flavoursSimpleUserPasswd'; |
|||
|
|||
# Customers should not be able to access the columns that indicate whether a restaurant/food/drink/diet is approved or not |
|||
# we need to grant column-based privileges on these tables |
|||
GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`, |
|||
`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`) |
|||
ON flavours_without_borders.restaurant TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`, |
|||
`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`) |
|||
ON flavours_without_borders.restaurant TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE (`food_id`, `food_name`, `food_description`, `food_calories`, `restaurant_id`) |
|||
ON flavours_without_borders.food TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE (`food_id`, `food_name`, `food_description`, `food_calories`, `restaurant_id`) |
|||
ON flavours_without_borders.food TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE (`drink_id`, `drink_name`, `drink_description`, `drink_has_alcohol`, `restaurant_id`) |
|||
ON flavours_without_borders.drink TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE (`drink_id`, `drink_name`, `drink_description`, `drink_has_alcohol`, `restaurant_id`) |
|||
ON flavours_without_borders.drink TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`) |
|||
ON flavours_without_borders.diet TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`) |
|||
ON flavours_without_borders.diet TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
# Users can alter the rows of all other tables, except those implementing the role based access system |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursSimpleUser'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursSimpleUser'@'%'; |
|||
|
|||
# Moderators |
|||
CREATE USER 'moderator'@'localhost' IDENTIFIED BY 'moderatorPasswd'; |
|||
CREATE USER 'moderator'@'%' IDENTIFIED BY 'moderatorPasswd'; |
|||
CREATE USER 'flavoursModerator'@'localhost' IDENTIFIED BY 'flavoursModeratorPasswd'; |
|||
CREATE USER 'flavoursModerator'@'%' IDENTIFIED BY 'flavoursModeratorPasswd'; |
|||
|
|||
# Mods have elevated privileges for all other tables, except those implementing the role based access system |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food` TO 'flavoursModerator'@'%'; |
|||
|
|||
# Mods have elevated privileges |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON flavours_without_borders.* TO 'moderator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON flavours_without_borders.* TO 'moderator'@'%'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`ingredient` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`ingredient` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`restaurant` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`restaurant` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursModerator'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursModerator'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursModerator'@'%'; |
|||
|
|||
# Owners of restaurants or other stuff (cooks etc.) |
|||
CREATE USER 'owner'@'localhost' IDENTIFIED BY 'ownerPasswd'; |
|||
CREATE USER 'owner'@'%' IDENTIFIED BY 'ownerPasswd'; |
|||
|
|||
# Owners can access, add and update rows for all the tables |
|||
GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'%'; |
|||
# except the columns that indicate whether a restaurant/diet is approved or not |
|||
REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'localhost'; |
|||
REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'%'; |
|||
REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'localhost'; |
|||
REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'%'; |
|||
CREATE USER 'flavoursOwner'@'localhost' IDENTIFIED BY 'flavoursOwnerPasswd'; |
|||
CREATE USER 'flavoursOwner'@'%' IDENTIFIED BY 'flavoursOwnerPasswd'; |
|||
|
|||
# Owners should not be able to access the columns that indicate whether a restaurant/diet is approved or not |
|||
# we need to grant column-based privileges on these tables |
|||
GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`, |
|||
`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`) |
|||
ON flavours_without_borders.restaurant TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE (`restaurant_id`, `restaurant_name`, `restaurant_category`, `restaurant_longitude`, |
|||
`restaurant_latitude`, `restaurant_opening`, `restaurant_closing`) |
|||
ON flavours_without_borders.restaurant TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`) |
|||
ON flavours_without_borders.diet TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE (`diet_id`, `diet_name`, `diet_description`) |
|||
ON flavours_without_borders.diet TO 'flavoursOwner'@'%'; |
|||
|
|||
# Owners can alter the rows of all other tables, except those implementing the role based access system |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`diet_prohibits_ingredient` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`drink_has_ingredient` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`food_has_ingredient` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT ON `flavours_without_borders`.`ingredient` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_follows_diet` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_prohibits_ingredient` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_drink` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_food` TO 'flavoursOwner'@'%'; |
|||
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursOwner'@'localhost'; |
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON `flavours_without_borders`.`user_rates_restaurant` TO 'flavoursOwner'@'%'; |
|||
|
|||
# They can however view and alter the columns that indicate whether a food/drink is approved or not! |
|||
Loading…
Reference in new issue