Document minimal administration rights for databases - related to ENT-2243 (#1312)
parent
fa0523f761
commit
53ce630889
@ -95,8 +95,8 @@ To set up a database schema, use the following SQL:
|
||||
CREATE LOGIN [LOGIN] WITH PASSWORD = [PASSWORD];
|
||||
CREATE SCHEMA [SCHEMA];
|
||||
CREATE USER [USER] FOR LOGIN [SCHEMA] WITH DEFAULT_SCHEMA = [SCHEMA];
|
||||
GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::[SCHEMA] TO [USER];
|
||||
GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO [USER];
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::[SCHEMA] TO [USER];
|
||||
GRANT CREATE TABLE TO [USER];
|
||||
|
||||
Example node configuration for SQL Azure:
|
||||
|
||||
@ -209,7 +209,6 @@ To set up a database schema, use the following SQL:
|
||||
GRANT CREATE SESSION TO [USER];
|
||||
GRANT CREATE TABLE TO [USER];
|
||||
GRANT CREATE SEQUENCE TO [USER];
|
||||
GRANT ALL PRIVILEGES TO [USER] IDENTIFIED BY [PASSWORD];
|
||||
|
||||
Example node configuration for Oracle:
|
||||
|
||||
@ -318,11 +317,11 @@ To set up a database schema, use the following SQL:
|
||||
|
||||
CREATE USER "[USER]" WITH LOGIN password '[PASSWORD]';
|
||||
CREATE SCHEMA "[SCHEMA]";
|
||||
GRANT ALL ON SCHEMA "[SCHEMA]" TO "[USER]";
|
||||
GRANT ALL ON ALL tables IN SCHEMA "[SCHEMA]" TO "[USER]";
|
||||
ALTER DEFAULT privileges IN SCHEMA "[SCHEMA]" GRANT ALL ON tables TO "[USER]";
|
||||
GRANT ALL ON ALL sequences IN SCHEMA "[SCHEMA]" TO "[USER]";
|
||||
ALTER DEFAULT privileges IN SCHEMA "[SCHEMA]" GRANT ALL ON sequences TO "[USER]";
|
||||
GRANT USAGE, CREATE ON SCHEMA "[SCHEMA]" TO "[USER]";
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON ALL tables IN SCHEMA "[SCHEMA]" TO "[USER]";
|
||||
ALTER DEFAULT privileges IN SCHEMA "[SCHEMA]" GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON tables TO "[USER]";
|
||||
GRANT USAGE, SELECT ON ALL sequences IN SCHEMA "[SCHEMA]" TO "[USER]";
|
||||
ALTER DEFAULT privileges IN SCHEMA "[SCHEMA]" GRANT USAGE, SELECT ON sequences TO "[USER]";
|
||||
ALTER ROLE "[USER]" SET search_path = "[SCHEMA]";
|
||||
|
||||
Example node configuration for PostgreSQL:
|
||||
|
@ -1,4 +1,4 @@
|
||||
IF NOT EXISTS (SELECT schema_name FROM information_schema.schemata WHERE schema_name = '${schema}') EXEC('CREATE SCHEMA ${schema}');
|
||||
IF NOT EXISTS (SELECT * FROM sys.sysusers WHERE name='${schema}') CREATE USER ${schema} FOR LOGIN ${schema} WITH DEFAULT_SCHEMA = ${schema};
|
||||
GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::${schema} TO ${schema};
|
||||
GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO ${schema};
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::${schema} TO ${schema};
|
||||
GRANT CREATE TABLE TO ${schema};
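Review bot: The new schema-level grant `GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::${schema} TO ${schema};` keeps `ALTER` without saying why, which reads oddly in a change meant to reduce the account to minimal rights. SQL Server needs `ALTER` on the schema together with the database-level `CREATE TABLE` permission before a principal can create a table, but the same permission also allows altering or dropping any existing object in that schema, so the account remains DDL-capable rather than data-only. I would add a comment above the grant, for example `-- ALTER on the schema is required with CREATE TABLE so the node can create/migrate its tables; it also permits ALTER/DROP of every object in the schema`. The same two grant lines appear in the later hunks at `@ -68,10 +68,9 @@` and `@ -69,5 +69,5 @@` and would take the same comment.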
|
@ -3,5 +3,4 @@ CREATE USER ${schema} IDENTIFIED BY 1234
|
||||
GRANT UNLIMITED TABLESPACE TO ${schema}
|
||||
GRANT CREATE SESSION TO ${schema}
|
||||
GRANT CREATE TABLE TO ${schema}
|
||||
GRANT CREATE SEQUENCE TO ${schema}
|
||||
GRANT ALL PRIVILEGES TO ${schema} IDENTIFIED BY 1234
|
||||
GRANT CREATE SEQUENCE TO ${schema}
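Review bot: `GRANT UNLIMITED TABLESPACE TO ${schema}` at the top of this hunk stays in place after `ALL PRIVILEGES` is dropped, and it is a system privilege that gives the account unlimited quota in every tablespace, not only the one holding its tables. If the goal is the minimal set, a per-tablespace quota is narrower, e.g. `ALTER USER ${schema} QUOTA UNLIMITED ON <TABLESPACE_NAME>` (placeholder for the tablespace the schema actually uses). The hunk header also shows the user being created with `IDENTIFIED BY 1234`; presumably this is a test fixture, and a one-line comment saying so would keep it from being copied into a real setup.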
|
@ -3,8 +3,8 @@ DROP OWNED by "${schema}";
|
||||
DROP USER IF EXISTS "${schema}";
|
||||
CREATE USER "${schema}" WITH LOGIN password '1234';
|
||||
CREATE SCHEMA "${schema}";
|
||||
GRANT ALL ON SCHEMA "${schema}" TO "${schema}";
|
||||
GRANT ALL ON ALL tables IN SCHEMA "${schema}" TO "${schema}";
|
||||
ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT ALL ON tables TO "${schema}";
|
||||
GRANT ALL ON ALL sequences IN SCHEMA "${schema}" TO "${schema}";
|
||||
ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT ALL ON sequences TO "${schema}";
|
||||
GRANT USAGE, CREATE ON SCHEMA "${schema}" TO "${schema}";
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON ALL tables IN SCHEMA "${schema}" TO "${schema}";
|
||||
ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON tables TO "${schema}";
|
||||
GRANT USAGE, SELECT ON ALL sequences IN SCHEMA "${schema}" TO "${schema}";
|
||||
ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT USAGE, SELECT ON sequences TO "${schema}";
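Review bot: The two new `ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT ... TO "${schema}"` lines have no `FOR ROLE` clause, so they only affect objects later created by whichever role runs this script, not objects created by any other role. Tables and sequences the user creates itself (it keeps `CREATE` on the schema) are owned by it and already fully accessible, so as written the defaults only matter if the executing admin role is also the one that creates the tables later. If a separate role is meant to create or migrate the schema objects, name it explicitly, e.g. `ALTER DEFAULT PRIVILEGES FOR ROLE "<ADMIN_ROLE>" IN SCHEMA "${schema}" GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON tables TO "${schema}";` (placeholder role name), and state in a comment which role that is. The PostgreSQL documentation hunk at `@ -318,11 +317,11 @@` carries the same statements.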
|
@ -1,55 +0,0 @@
|
||||
DROP TABLE IF EXISTS ${schema}.cash_state_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v2_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states_v2_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_state_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_deal_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.node_attachments;
|
||||
DROP TABLE IF EXISTS ${schema}.node_checkpoints;
|
||||
DROP TABLE IF EXISTS ${schema}.node_transactions;
|
||||
DROP TABLE IF EXISTS ${schema}.node_message_retry;
|
||||
DROP TABLE IF EXISTS ${schema}.node_message_ids;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_our_key_pairs;
|
||||
DROP TABLE IF EXISTS ${schema}.node_scheduled_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_network_map_nodes;
|
||||
DROP TABLE IF EXISTS ${schema}.node_network_map_subscribers;
|
||||
DROP TABLE IF EXISTS ${schema}.node_notary_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_notary_request_log;
|
||||
DROP TABLE IF EXISTS ${schema}.node_transaction_mappings;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_fungible_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_linear_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_fungible_states;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_linear_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_bft_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_raft_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_transaction_notes;
|
||||
DROP TABLE IF EXISTS ${schema}.link_nodeinfo_party;
|
||||
DROP TABLE IF EXISTS ${schema}.node_link_nodeinfo_party;
|
||||
DROP TABLE IF EXISTS ${schema}.node_info_party_cert;
|
||||
DROP TABLE IF EXISTS ${schema}.node_info_hosts;
|
||||
DROP TABLE IF EXISTS ${schema}.node_infos;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_contract_upgrades;
|
||||
DROP TABLE IF EXISTS ${schema}.node_identities;
|
||||
DROP TABLE IF EXISTS ${schema}.node_named_identities;
|
||||
DROP TABLE IF EXISTS ${schema}.children;
|
||||
DROP TABLE IF EXISTS ${schema}.parents;
|
||||
DROP TABLE IF EXISTS ${schema}.contract_cash_states;
|
||||
DROP TABLE IF EXISTS ${schema}.contract_cash_states_v1;
|
||||
DROP TABLE IF EXISTS ${schema}.messages;
|
||||
DROP TABLE IF EXISTS ${schema}.state_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v3;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states_v1;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_deal_states;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.node_mutual_exclusion;
|
||||
DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOG;
|
||||
DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOGLOCK;
|
||||
DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
|
||||
DROP LOGIN ${schema};
|
||||
DROP USER IF EXISTS ${schema};
|
||||
DROP SCHEMA IF EXISTS ${schema};
|
@ -1,58 +0,0 @@
|
||||
DROP TABLE IF EXISTS ${schema}.cash_state_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v2_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states_v2_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_state_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_deal_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.node_attachments;
|
||||
DROP TABLE IF EXISTS ${schema}.node_checkpoints;
|
||||
DROP TABLE IF EXISTS ${schema}.node_transactions;
|
||||
DROP TABLE IF EXISTS ${schema}.node_message_retry;
|
||||
DROP TABLE IF EXISTS ${schema}.node_message_ids;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_our_key_pairs;
|
||||
DROP TABLE IF EXISTS ${schema}.node_scheduled_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_network_map_nodes;
|
||||
DROP TABLE IF EXISTS ${schema}.node_network_map_subscribers;
|
||||
DROP TABLE IF EXISTS ${schema}.node_notary_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_notary_request_log;
|
||||
DROP TABLE IF EXISTS ${schema}.node_transaction_mappings;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_fungible_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_linear_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_fungible_states;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_linear_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_bft_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_raft_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_transaction_notes;
|
||||
DROP TABLE IF EXISTS ${schema}.link_nodeinfo_party;
|
||||
DROP TABLE IF EXISTS ${schema}.node_link_nodeinfo_party;
|
||||
DROP TABLE IF EXISTS ${schema}.node_info_party_cert;
|
||||
DROP TABLE IF EXISTS ${schema}.node_info_hosts;
|
||||
DROP TABLE IF EXISTS ${schema}.node_infos;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_contract_upgrades;
|
||||
DROP TABLE IF EXISTS ${schema}.node_identities;
|
||||
DROP TABLE IF EXISTS ${schema}.node_named_identities;
|
||||
DROP TABLE IF EXISTS ${schema}.children;
|
||||
DROP TABLE IF EXISTS ${schema}.parents;
|
||||
DROP TABLE IF EXISTS ${schema}.contract_cash_states;
|
||||
DROP TABLE IF EXISTS ${schema}.messages;
|
||||
DROP TABLE IF EXISTS ${schema}.state_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v3;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_deal_states;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.node_mutual_exclusion;
|
||||
DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
|
||||
DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOG;
|
||||
DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOGLOCK;
|
||||
DROP USER IF EXISTS ${schema};
|
||||
DROP LOGIN ${schema};
|
||||
DROP SCHEMA IF EXISTS ${schema};
|
||||
CREATE LOGIN ${schema} WITH PASSWORD = 'yourStrong(!)Password';
|
||||
IF NOT EXISTS (SELECT schema_name FROM information_schema.schemata WHERE schema_name = '${schema}') EXEC('CREATE SCHEMA ${schema}');
|
||||
IF NOT EXISTS (SELECT * FROM sys.sysusers WHERE name='${schema}') CREATE USER ${schema} FOR LOGIN ${schema};
|
||||
GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::${schema} TO ${schema};
|
||||
GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO ${schema};
|
@ -1,52 +0,0 @@
|
||||
DROP TABLE IF EXISTS ${schema}.cash_state_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v2_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states_v2_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_state_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_deal_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.node_attachments;
|
||||
DROP TABLE IF EXISTS ${schema}.node_checkpoints;
|
||||
DROP TABLE IF EXISTS ${schema}.node_transactions;
|
||||
DROP TABLE IF EXISTS ${schema}.node_message_retry;
|
||||
DROP TABLE IF EXISTS ${schema}.node_message_ids;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_our_key_pairs;
|
||||
DROP TABLE IF EXISTS ${schema}.node_scheduled_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_network_map_nodes;
|
||||
DROP TABLE IF EXISTS ${schema}.node_network_map_subscribers;
|
||||
DROP TABLE IF EXISTS ${schema}.node_notary_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_notary_request_log;
|
||||
DROP TABLE IF EXISTS ${schema}.node_transaction_mappings;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_fungible_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_linear_states_parts;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_fungible_states;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_linear_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_bft_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_raft_committed_states;
|
||||
DROP TABLE IF EXISTS ${schema}.vault_transaction_notes;
|
||||
DROP TABLE IF EXISTS ${schema}.link_nodeinfo_party;
|
||||
DROP TABLE IF EXISTS ${schema}.node_link_nodeinfo_party;
|
||||
DROP TABLE IF EXISTS ${schema}.node_info_party_cert;
|
||||
DROP TABLE IF EXISTS ${schema}.node_info_hosts;
|
||||
DROP TABLE IF EXISTS ${schema}.node_infos;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states;
|
||||
DROP TABLE IF EXISTS ${schema}.node_contract_upgrades;
|
||||
DROP TABLE IF EXISTS ${schema}.node_identities;
|
||||
DROP TABLE IF EXISTS ${schema}.node_named_identities;
|
||||
DROP TABLE IF EXISTS ${schema}.children;
|
||||
DROP TABLE IF EXISTS ${schema}.parents;
|
||||
DROP TABLE IF EXISTS ${schema}.contract_cash_states;
|
||||
DROP TABLE IF EXISTS ${schema}.contract_cash_states_v1;
|
||||
DROP TABLE IF EXISTS ${schema}.messages;
|
||||
DROP TABLE IF EXISTS ${schema}.state_participants;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.cash_states_v3;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states_v1;
|
||||
DROP TABLE IF EXISTS ${schema}.cp_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_deal_states;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states;
|
||||
DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2;
|
||||
DROP TABLE IF EXISTS ${schema}.node_mutual_exclusion;
|
||||
DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOG;
|
||||
DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOGLOCK;
|
||||
DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
|
@ -68,10 +68,9 @@ DROP TABLE IF EXISTS ${schema}.network_parameters;
|
||||
DROP TABLE IF EXISTS ${schema}.private_network;
|
||||
DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
|
||||
DROP USER IF EXISTS ${schema};
|
||||
DROP LOGIN ${schema};
|
||||
DROP SCHEMA IF EXISTS ${schema};
|
||||
IF NOT EXISTS (SELECT * FROM sys.server_principals WHERE name = N'${schema}') CREATE LOGIN ${schema} WITH PASSWORD = 'yourStrong(!)Password';
|
||||
CREATE SCHEMA ${schema};
|
||||
CREATE USER ${schema} FOR LOGIN ${schema} WITH DEFAULT_SCHEMA = ${schema};
|
||||
GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::${schema} TO ${schema};
|
||||
GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO ${schema};
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::${schema} TO ${schema};
|
||||
GRANT CREATE TABLE TO ${schema};
|
@ -69,5 +69,5 @@ DROP TABLE IF EXISTS ${schema}.private_network;
|
||||
DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
|
||||
IF NOT EXISTS (SELECT schema_name FROM information_schema.schemata WHERE schema_name = '${schema}') EXEC('CREATE SCHEMA ${schema}');
|
||||
IF NOT EXISTS (SELECT * FROM sys.sysusers WHERE name='${schema}') CREATE USER ${schema} FOR LOGIN ${schema} WITH DEFAULT_SCHEMA = ${schema};
|
||||
GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::${schema} TO ${schema};
|
||||
GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO ${schema};
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::${schema} TO ${schema};
|
||||
GRANT CREATE TABLE TO ${schema};
|