8 changes: 8 additions & 0 deletions scripts/postgres_data/create_sql/createDB.sql
@@ -0,0 +1,8 @@
-- database to store metadata about datasets
CREATE DATABASE datasetDB;
How does this relate to existing DB structure? Is datasetDB supposed to replace the existing DB structure?

If yes, then this structure would have to comply with what we currently have since the existing code depends on it (SQL queries, FastAPI)

If admin is going to be replaced by datasetDB, then this would need to be adapted when creating the psycopg client, as it is currently assumed that the db user and the db name are the same.

Yes, that will be the case; I can update accordingly. With a database and a user of the same name ("admin") it is not easy for monitoring purposes.

I will open another PR after Michal copied the data from postgres DB to datasetDB.

-- database to store metadata about file registry from datasets
CREATE DATABASE fileDB;
-- database to store metadata about tool registry
CREATE DATABASE toolDB;
-- database to store metadata about user usage and query
CREATE DATABASE userDB;
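Review bot: The unquoted mixed-case names on the four CREATE DATABASE lines are folded to lowercase by the server (datasetdb, filedb, tooldb, userdb), whereas psql does not, as far as I can tell, fold the argument of `\c datasetDB` in the config scripts, so the connect step can fail with "database does not exist" unless the spellings agree. Lowercase snake_case names throughout, e.g. `CREATE DATABASE dataset_db;` paired with `\c dataset_db`, remove the mismatch; the role names in the config scripts are folded the same way, which is harmless there only because every reference to them is unquoted. Postgres has no CREATE DATABASE IF NOT EXISTS, so a second run stops at the first existing database; a header comment such as `-- one-shot bootstrap: fails if any of these databases already exists` would make that explicit.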
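--- a/scripts/postgres_data/create_sql/datasetDBconfig.sql
+++ b/scripts/postgres_data/create_sql/datasetDBconfig.sql
@@ -0,0 +1,41 @@
+-- ---------------------------
+-- DATABASE 1 – Dataset / FAIR, connect to datasetDB first
+-- ---------------------------
+\c datasetDB
+
+-- Create roles
+CREATE ROLE datasetDB_read;
+CREATE ROLE datasetDB_readwrite;
+CREATE ROLE datasetDB_admin;
+
+GRANT CONNECT ON DATABASE datasetDB TO datasetDB_read, datasetDB_readwrite, datasetDB_admin;
+
+-- READ
+GRANT USAGE ON SCHEMA public TO datasetDB_read;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO datasetDB_read;
+
+-- READWRITE
+GRANT USAGE, CREATE ON SCHEMA public TO datasetDB_readwrite;
+GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO datasetDB_readwrite;
+
+-- ADMIN
+GRANT ALL PRIVILEGES ON DATABASE datasetDB TO datasetDB_admin;
+GRANT ALL PRIVILEGES ON SCHEMA public TO datasetDB_admin;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO datasetDB_admin;
+
+-- Future tables inherit permissions
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT ON TABLES TO datasetDB_read;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT, INSERT, UPDATE ON TABLES TO datasetDB_readwrite;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT ALL ON TABLES TO datasetDB_admin;
+
+-- Read
+GRANT datasetDB_read TO reggie, jusong, ritwik;
+-- Read/Write, script cannot delete important
+GRANT datasetDB_readwrite TO script;
+-- Admin
+GRANT datasetDB_admin TO tobias, josip, michal, ping, vincent;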
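Review bot: The `GRANT CONNECT ON DATABASE datasetDB TO …` line does not restrict anything on its own, because Postgres grants CONNECT on every database to PUBLIC by default (and, before version 15, CREATE on schema public as well), so every login role in user.sql can connect to, and on older servers create tables in, every one of the four databases regardless of the per-database roles; a `REVOKE … FROM PUBLIC` is needed before the per-role grants mean what the comments say. The `ALTER DEFAULT PRIVILEGES IN SCHEMA public` statements without `FOR ROLE` only cover objects later created by the role that runs this script, not tables created by `script` (which holds CREATE on public) or by the individual admin logins, so those tables will not be readable by the read role. INSERT into tables with serial/identity columns also needs USAGE on the backing sequences, which no grant here provides. The same three points apply to fileDBconfig.sql, toolDBconfig.sql and userDBconfig.sql.

```sql
\c datasetDB

-- CONNECT (and, before PG 15, CREATE on public) are granted to PUBLIC by
-- default; take them back so the per-role grants below are the only path in.
REVOKE CONNECT ON DATABASE datasetDB FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- … unchanged: CREATE ROLE …, GRANT CONNECT …, READ / READWRITE / ADMIN grants …

-- INSERT into serial/identity columns needs the sequences too
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO datasetDB_readwrite;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT USAGE, SELECT ON SEQUENCES TO datasetDB_readwrite;

-- Default privileges only cover objects created by the role named here (or
-- the running role when FOR ROLE is omitted); repeat for every role that
-- may create tables, e.g. script and each admin login.
ALTER DEFAULT PRIVILEGES FOR ROLE script IN SCHEMA public
GRANT SELECT ON TABLES TO datasetDB_read;

-- … unchanged: remaining ALTER DEFAULT PRIVILEGES …, role membership grants …
```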
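--- a/scripts/postgres_data/create_sql/fileDBconfig.sql
+++ b/scripts/postgres_data/create_sql/fileDBconfig.sql
@@ -0,0 +1,43 @@
+-- ---------------------------
+-- DATABASE 2 – File Registry, connect to fileDB first
+-- ---------------------------
+\c fileDB
+
+-- Create roles
+CREATE ROLE fileDB_read;
+CREATE ROLE fileDB_readwrite;
+CREATE ROLE fileDB_admin;
+
+GRANT CONNECT ON DATABASE fileDB TO fileDB_read, fileDB_readwrite, fileDB_admin;
+
+-- READ
+GRANT USAGE ON SCHEMA public TO fileDB_read;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO fileDB_read;
+
+-- READWRITE
+GRANT USAGE, CREATE ON SCHEMA public TO fileDB_readwrite;
+GRANT SELECT, INSERT, UPDATE ON ALL TABLES TO fileDB_readwrite;
+
+-- ADMIN
+GRANT ALL PRIVILEGES ON DATABASE fileDB TO fileDB_admin;
+GRANT ALL PRIVILEGES ON SCHEMA public TO fileDB_admin;
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO fileDB_admin;
+
+-- Future tables
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT ON TABLES TO fileDB_read;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT, INSERT, UPDATE ON TABLES TO fileDB_readwrite;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT ALL ON TABLES TO fileDB_admin;
+
+-- Read
+GRANT fileDB_read TO tobias, josip, ping, vincent, ritwik;
+
+-- Read/Write, script cannot delete important
+GRANT fileDB_readwrite TO script;
+
+-- Admin
+GRANT fileDB_admin TO michal, reggie, jusong, eko;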
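Review bot: `GRANT SELECT, INSERT, UPDATE ON ALL TABLES TO fileDB_readwrite;` in the READWRITE section is rejected by Postgres, because `ON ALL TABLES` is only valid with `IN SCHEMA`; it should read `GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO fileDB_readwrite;` as the READ and ADMIN lines of this same file already do. The same omission is in toolDBconfig.sql (the readwrite and admin table grants) and in userDBconfig.sql (the read, readwrite and admin table grants). Because psql keeps going after an error unless run with `-v ON_ERROR_STOP=1`, the effect is silent: the script appears to complete and the readwrite role ends up with no table privileges on existing tables.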
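--- a/scripts/postgres_data/create_sql/toolDBconfig.sql
+++ b/scripts/postgres_data/create_sql/toolDBconfig.sql
@@ -0,0 +1,42 @@
+-- ---------------------------
+-- DATABASE 3 – Tool Registry, connect to toolDB first
+-- ---------------------------
+/c toolDB
+-- Create roles
+CREATE ROLE toolDB__read;
+CREATE ROLE toolDB__readwrite;
+CREATE ROLE toolDB__admin;
+
+GRANT CONNECT ON DATABASE toolDB TO toolDB_read, toolDB_readwrite, toolDB_admin;
+
+-- READ
+GRANT USAGE ON SCHEMA public TO toolDB_read;
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO toolDB_read;
+
+-- READWRITE
+GRANT USAGE, CREATE ON SCHEMA public TO toolDB_readwrite;
+GRANT SELECT, INSERT, UPDATE ON ALL TABLES TO toolDB_readwrite;
+
+-- ADMIN
+GRANT ALL PRIVILEGES ON DATABASE toolDB TO toolDB_admin;
+GRANT ALL PRIVILEGES ON SCHEMA public TO toolDB_admin;
+GRANT ALL PRIVILEGES ON ALL TABLES TO toolDB_admin;
+
+-- Future tables
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT ON TABLES TO toolDB_read;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT, INSERT, UPDATE ON TABLES TO toolDB_readwrite;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT ALL ON TABLES TO toolDB_admin;
+
+-- Read
+GRANT toolDB__read TO tobias, josip, ping, vincent, ritwik;
+
+-- Read/Write, script cannot delete important
+GRANT toolDB__readwrite TO script;
+
+-- Admin
+GRANT toolDB__admin TO michal, jusong, reggie, eko;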
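Review bot: `/c toolDB` is not a psql meta-command (the backslash is what makes `\c` one), so the line is sent to the server as the start of the next statement and the first CREATE ROLE fails with a syntax error; userDBconfig.sql has the same `/c userDB` line. Independently, the three CREATE ROLE lines create `toolDB__read`, `toolDB__readwrite` and `toolDB__admin` with a double underscore, while every privilege grant in between targets the single-underscore `toolDB_read`, `toolDB_readwrite` and `toolDB_admin`, which do not exist; the net effect is that the roles the users are finally added to at the end of the file hold no privileges at all. The readwrite and admin table grants also lack the `IN SCHEMA public` clause required by `ON ALL TABLES`. The role names should be spelled one way, matching the other three config files.

```sql
\c toolDB
-- Create roles
CREATE ROLE toolDB_read;
CREATE ROLE toolDB_readwrite;
CREATE ROLE toolDB_admin;

-- … unchanged: GRANT CONNECT …, READ grants …

-- READWRITE
GRANT USAGE, CREATE ON SCHEMA public TO toolDB_readwrite;
GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO toolDB_readwrite;

-- ADMIN
-- … unchanged: database and schema grants …
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO toolDB_admin;

-- … unchanged: ALTER DEFAULT PRIVILEGES …

-- Read
GRANT toolDB_read TO tobias, josip, ping, vincent, ritwik;

-- Read/Write, script cannot delete important
GRANT toolDB_readwrite TO script;

-- Admin
GRANT toolDB_admin TO michal, jusong, reggie, eko;
```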
15 changes: 15 additions & 0 deletions scripts/postgres_data/create_sql/user.sql
@@ -0,0 +1,15 @@
---------------------------------------------------------
-- CREATE GOLOBAL USERS

CREATE ROLE reggie LOGIN PASSWORD 'reggie';
Is there another way to manage user? This seems hard to maintain as new users will join the project.

We can write a procedure that skips the roles which have already been created. So far we do not have such a procedure.

We have to manually manage the users in user.sql and their access in access.sql, assuming that we will not have more than 10 new users every year.

CREATE ROLE jusong LOGIN PASSWORD 'jusong';
CREATE ROLE ritwik LOGIN PASSWORD 'ritwik';
CREATE ROLE tobias LOGIN PASSWORD 'tobias';
CREATE ROLE josip LOGIN PASSWORD 'josip';
CREATE ROLE michal LOGIN PASSWORD 'michal';
CREATE ROLE ping LOGIN PASSWORD 'ping';
CREATE ROLE vincent LOGIN PASSWORD 'vincent';
CREATE ROLE eko LOGIN PASSWORD 'eko';

-- System service accounts
CREATE ROLE script LOGIN PASSWORD 'script';
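Review bot: Every `CREATE ROLE … LOGIN PASSWORD '…'` line, from `reggie` down to the `script` service account, sets the password equal to the login name and commits it to the repository in clear text, so anyone with read access to the repo holds working credentials for every database role defined in this PR. The file should create the logins without a password, e.g. `CREATE ROLE reggie LOGIN;`, and set passwords out of band, either interactively with psql's `\password reggie` (which hashes client-side) or at deploy time from a secret via a psql variable, `ALTER ROLE reggie PASSWORD :'reggie_pw';`; a password literal in a script can also end up in the server log when statement logging or an error is involved. The `script` role in particular should get a generated secret managed with the service's other configuration, not a fixed word. Minor: the header comment reads `GOLOBAL`, presumably `GLOBAL`.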
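--- a/scripts/postgres_data/create_sql/userDBconfig.sql
+++ b/scripts/postgres_data/create_sql/userDBconfig.sql
@@ -0,0 +1,44 @@
+
+-- ---------------------------
+-- DATABASE 4 – User History, connect to userDB first
+-- ---------------------------
+/c userDB
+
+-- Create roles
+CREATE ROLE userDB_read;
+CREATE ROLE userDB_readwrite;
+CREATE ROLE userDB_admin;
+
+GRANT CONNECT ON DATABASE userDB TO userDB_read, userDB_readwrite, userDB_admin;
+
+-- READ
+GRANT USAGE ON SCHEMA public TO userDB_read;
+GRANT SELECT ON ALL TABLES TO userDB_read;
+
+-- READWRITE
+GRANT USAGE, CREATE ON SCHEMA public TO userDB_readwrite;
+GRANT SELECT, INSERT, UPDATE ON ALL TABLES TO userDB_readwrite;
+
+-- ADMIN
+GRANT ALL PRIVILEGES ON DATABASE userDB TO userDB_admin;
+GRANT ALL PRIVILEGES ON SCHEMA public TO userDB_admin;
+GRANT ALL PRIVILEGES ON ALL TABLES TO userDB_admin;
+
+-- Future tables
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT ON TABLES TO userDB_read;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT, INSERT, UPDATE ON TABLES TO userDB_readwrite;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT ALL ON TABLES TO userDB_admin;
+
+-- Read
+GRANT userDB_read TO jusong, reggie, josip, tobias;
+
+-- Read/Write, script cannot delete important
+GRANT userDB_readwrite TO script;
+
+-- Admin
+GRANT userDB_admin TO michal, vincent, ritwik, ping;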
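Review bot: The readwrite grant `GRANT SELECT, INSERT, UPDATE ON ALL TABLES TO userDB_readwrite;` (and the matching `ALTER DEFAULT PRIVILEGES … GRANT SELECT, INSERT, UPDATE ON TABLES`) gives the `script` login UPDATE on what createDB.sql describes as a store of user usage and query history; if that data is an append-only log, as the description suggests, UPDATE lets the writer rewrite past entries and INSERT alone is the least privilege that still lets it record new ones. The comment `-- Read/Write, script cannot delete important` would then be more accurate as `-- Append-only: script can insert usage records but not alter or delete them`. I am inferring the append-only intent from the database description, so please confirm before narrowing the grant. The `/c userDB` line and the missing `IN SCHEMA public` on the three `ON ALL TABLES` grants in this file are the same defects raised on toolDBconfig.sql and fileDBconfig.sql.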