RBAC-rebuild #140

Merged
hsh-michaelhoennig merged 6 commits from feature/rbac-rebuild into master 2025-01-02 10:02:54 +01:00
17 changed files with 255 additions and 0 deletions
Showing only changes of commit 68275e2720 - Show all commits

View File

@ -183,11 +183,26 @@ call rbac.generateRbacRestrictedView('rbactest.customer',
--changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table rbactest.customer after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table rbactest.customer', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table rbactest.customer', null, <<insert executing global admin user here>>);
-- call rbactest.customer_rebuild_rbac_system(); -- call rbactest.customer_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `rbactest.customer.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`rbactest.customer.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure rbactest.customer_rebuild_rbac_system() create or replace procedure rbactest.customer_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -248,11 +248,26 @@ call rbac.generateRbacRestrictedView('rbactest.package',
--changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table rbactest.package after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table rbactest.package', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table rbactest.package', null, <<insert executing global admin user here>>);
-- call rbactest.package_rebuild_rbac_system(); -- call rbactest.package_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `rbactest.package.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`rbactest.package.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure rbactest.package_rebuild_rbac_system() create or replace procedure rbactest.package_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -247,11 +247,26 @@ call rbac.generateRbacRestrictedView('rbactest.domain',
--changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table rbactest.domain after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table rbactest.domain', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table rbactest.domain', null, <<insert executing global admin user here>>);
-- call rbactest.domain_rebuild_rbac_system(); -- call rbactest.domain_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `rbactest.domain.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`rbactest.domain.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure rbactest.domain_rebuild_rbac_system() create or replace procedure rbactest.domain_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -107,11 +107,26 @@ call rbac.generateRbacRestrictedView('hs_office.contact',
--changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.contact after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.contact', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.contact', null, <<insert executing global admin user here>>);
-- call hs_office.contact_rebuild_rbac_system(); -- call hs_office.contact_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.contact.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.contact.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.contact_rebuild_rbac_system() create or replace procedure hs_office.contact_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -109,11 +109,26 @@ call rbac.generateRbacRestrictedView('hs_office.person',
--changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.person after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.person', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.person', null, <<insert executing global admin user here>>);
-- call hs_office.person_rebuild_rbac_system(); -- call hs_office.person_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.person.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.person.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.person_rebuild_rbac_system() create or replace procedure hs_office.person_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -257,11 +257,26 @@ call rbac.generateRbacRestrictedView('hs_office.relation',
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.relation after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.relation', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.relation', null, <<insert executing global admin user here>>);
-- call hs_office.relation_rebuild_rbac_system(); -- call hs_office.relation_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.relation.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.relation.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.relation_rebuild_rbac_system() create or replace procedure hs_office.relation_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -258,11 +258,26 @@ call rbac.generateRbacRestrictedView('hs_office.partner',
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.partner after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.partner', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.partner', null, <<insert executing global admin user here>>);
-- call hs_office.partner_rebuild_rbac_system(); -- call hs_office.partner_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.partner.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.partner.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.partner_rebuild_rbac_system() create or replace procedure hs_office.partner_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -170,11 +170,26 @@ call rbac.generateRbacRestrictedView('hs_office.partner_details',
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.partner_details after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.partner_details', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.partner_details', null, <<insert executing global admin user here>>);
-- call hs_office.partner_details_rebuild_rbac_system(); -- call hs_office.partner_details_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.partner_details.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.partner_details.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.partner_details_rebuild_rbac_system() create or replace procedure hs_office.partner_details_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -106,11 +106,26 @@ call rbac.generateRbacRestrictedView('hs_office.bankaccount',
--changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.bankaccount after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.bankaccount', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.bankaccount', null, <<insert executing global admin user here>>);
-- call hs_office.bankaccount_rebuild_rbac_system(); -- call hs_office.bankaccount_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.bankaccount.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.bankaccount.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.bankaccount_rebuild_rbac_system() create or replace procedure hs_office.bankaccount_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -247,11 +247,26 @@ call rbac.generateRbacRestrictedView('hs_office.debitor',
--changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.debitor after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.debitor', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.debitor', null, <<insert executing global admin user here>>);
-- call hs_office.debitor_rebuild_rbac_system(); -- call hs_office.debitor_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.debitor.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.debitor.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.debitor_rebuild_rbac_system() create or replace procedure hs_office.debitor_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -216,11 +216,26 @@ call rbac.generateRbacRestrictedView('hs_office.sepamandate',
--changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.sepamandate after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.sepamandate', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.sepamandate', null, <<insert executing global admin user here>>);
-- call hs_office.sepamandate_rebuild_rbac_system(); -- call hs_office.sepamandate_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.sepamandate.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.sepamandate.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.sepamandate_rebuild_rbac_system() create or replace procedure hs_office.sepamandate_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -198,11 +198,26 @@ call rbac.generateRbacRestrictedView('hs_office.membership',
--changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.membership after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.membership', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.membership', null, <<insert executing global admin user here>>);
-- call hs_office.membership_rebuild_rbac_system(); -- call hs_office.membership_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.membership.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.membership.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.membership_rebuild_rbac_system() create or replace procedure hs_office.membership_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -169,11 +169,26 @@ call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.coopsharetx after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.coopsharetx', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.coopsharetx', null, <<insert executing global admin user here>>);
-- call hs_office.coopsharetx_rebuild_rbac_system(); -- call hs_office.coopsharetx_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.coopsharetx.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.coopsharetx.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.coopsharetx_rebuild_rbac_system() create or replace procedure hs_office.coopsharetx_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -169,11 +169,26 @@ call rbac.generateRbacRestrictedView('hs_office.coopassettx',
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.coopassettx after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_office.coopassettx', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_office.coopassettx', null, <<insert executing global admin user here>>);
-- call hs_office.coopassettx_rebuild_rbac_system(); -- call hs_office.coopassettx_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_office.coopassettx.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_office.coopassettx.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_office.coopassettx_rebuild_rbac_system() create or replace procedure hs_office.coopassettx_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -209,11 +209,26 @@ call rbac.generateRbacRestrictedView('hs_booking.project',
--changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_booking.project after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_booking.project', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_booking.project', null, <<insert executing global admin user here>>);
-- call hs_booking.project_rebuild_rbac_system(); -- call hs_booking.project_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_booking.project.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_booking.project.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_booking.project_rebuild_rbac_system() create or replace procedure hs_booking.project_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -280,11 +280,26 @@ call rbac.generateRbacRestrictedView('hs_booking.item',
--changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_booking.item after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_booking.item', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_booking.item', null, <<insert executing global admin user here>>);
-- call hs_booking.item_rebuild_rbac_system(); -- call hs_booking.item_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_booking.item.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_booking.item.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_booking.item_rebuild_rbac_system() create or replace procedure hs_booking.item_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$

View File

@ -186,11 +186,26 @@ call rbac.generateRbacRestrictedView('hs_hosting.asset',
--changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_hosting.asset after changing its RBAC specification.
-- --
-- begin transaction; -- begin transaction;
-- call base.defineContext('re-creating RBAC for table hs_hosting.asset', null, <<insert executing global admin user here>>); -- call base.defineContext('re-creating RBAC for table hs_hosting.asset', null, <<insert executing global admin user here>>);
-- call hs_hosting.asset_rebuild_rbac_system(); -- call hs_hosting.asset_rebuild_rbac_system();
-- commit; -- commit;
--
-- How it works:
-- 1. All grants previously created from the RBAC specification of this table will be deleted.
-- These grants are identified by `hs_hosting.asset.grantedByTriggerOf IS NOT NULL`.
-- User-induced grants (`hs_hosting.asset.grantedByTriggerOf IS NULL`) are NOT deleted.
-- 2. New role types will be created, but existing role types which are not specified anymore,
-- will NOT be deleted!
-- 3. All newly specified grants will be created.
--
-- IMPORTANT:
-- Make sure not to skip any previously defined role-types or you might break indirect grants!
-- E.g. If, in an updated version of the RBAC system for a table, you remove the AGENT role type
-- and now directly grant the TENANT role to the ADMIN role, all external grants to the AGENT role
-- of this table would be in a dead end.
create or replace procedure hs_hosting.asset_rebuild_rbac_system() create or replace procedure hs_hosting.asset_rebuild_rbac_system()
language plpgsql as $$ language plpgsql as $$