migrate: ajout GRANT + ALTER DEFAULT PRIVILEGES pour user patchcenter (idempotent)

2026-04-27 13:44:45 +00:00 · 2026-04-27 13:44:45 +00:00 · f32c247bf4
commit f32c247bf4
parent 19ab837e12
2 changed files with 19 additions and 0 deletions
--- a/migrate_missing_tables_20260427.sql
+++ b/migrate_missing_tables_20260427.sql
@ -575,3 +575,18 @@ ALTER TABLE ONLY public.server_databases


 --
+
+-- Privilèges pour le user applicatif sur les nouvelles tables + futures
+GRANT USAGE ON SCHEMA public TO patchcenter;
+GRANT SELECT, INSERT, UPDATE, DELETE ON
+    chassis, hypervisors, qualys_missing_servers,
+    qualys_vuln_snapshot, qualys_vuln_snapshot_run,
+    secops_duty, server_databases
+    TO patchcenter;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO patchcenter;
+
+-- Default privileges : toute future table créée par postgres aura ces droits automatiquement
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO patchcenter;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+    GRANT USAGE, SELECT ON SEQUENCES TO patchcenter;
--- a/migrate_qualys_vuln_dashboard.sql
+++ b/migrate_qualys_vuln_dashboard.sql
@ -33,3 +33,7 @@ CREATE INDEX IF NOT EXISTS idx_vuln_snap_run_dim
    ON qualys_vuln_snapshot (run_id, dimension);
 CREATE INDEX IF NOT EXISTS idx_vuln_snap_dim_val
    ON qualys_vuln_snapshot (dimension, dimension_value);
+
+-- Privilèges pour le user applicatif (mode demo + reel)
+GRANT SELECT, INSERT, UPDATE, DELETE ON qualys_vuln_snapshot, qualys_vuln_snapshot_run TO patchcenter;
+GRANT USAGE, SELECT ON SEQUENCE qualys_vuln_snapshot_id_seq, qualys_vuln_snapshot_run_id_seq TO patchcenter;