diff --git a/docs/source/node-database.rst b/docs/source/node-database.rst index 3e761393e1..edc52e7922 100644 --- a/docs/source/node-database.rst +++ b/docs/source/node-database.rst @@ -95,8 +95,8 @@ To set up a database schema, use the following SQL: CREATE LOGIN [LOGIN] WITH PASSWORD = [PASSWORD]; CREATE SCHEMA [SCHEMA]; CREATE USER [USER] FOR LOGIN [SCHEMA] WITH DEFAULT_SCHEMA = [SCHEMA]; - GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::[SCHEMA] TO [USER]; - GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO [USER]; + GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::[SCHEMA] TO [USER]; + GRANT CREATE TABLE TO [USER]; Example node configuration for SQL Azure: @@ -209,7 +209,6 @@ To set up a database schema, use the following SQL: GRANT CREATE SESSION TO [USER]; GRANT CREATE TABLE TO [USER]; GRANT CREATE SEQUENCE TO [USER]; - GRANT ALL PRIVILEGES TO [USER] IDENTIFIED BY [PASSWORD]; Example node configuration for Oracle: 
@@ -318,11 +317,11 @@ To set up a database schema, use the following SQL: CREATE USER "[USER]" WITH LOGIN password '[PASSWORD]'; CREATE SCHEMA "[SCHEMA]"; - GRANT ALL ON SCHEMA "[SCHEMA]" TO "[USER]"; - GRANT ALL ON ALL tables IN SCHEMA "[SCHEMA]" TO "[USER]"; - ALTER DEFAULT privileges IN SCHEMA "[SCHEMA]" GRANT ALL ON tables TO "[USER]"; - GRANT ALL ON ALL sequences IN SCHEMA "[SCHEMA]" TO "[USER]"; - ALTER DEFAULT privileges IN SCHEMA "[SCHEMA]" GRANT ALL ON sequences TO "[USER]"; + GRANT USAGE, CREATE ON SCHEMA "[SCHEMA]" TO "[USER]"; + GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON ALL tables IN SCHEMA "[SCHEMA]" TO "[USER]"; + ALTER DEFAULT privileges IN SCHEMA "[SCHEMA]" GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON tables TO "[USER]"; + GRANT USAGE, SELECT ON ALL sequences IN SCHEMA "[SCHEMA]" TO "[USER]"; + ALTER DEFAULT privileges IN SCHEMA "[SCHEMA]" GRANT USAGE, SELECT ON sequences TO "[USER]"; ALTER ROLE "[USER]" SET search_path = "[SCHEMA]"; Example node configuration for PostgreSQL: diff --git a/testing/test-utils/src/main/resources/database-scripts/azure-sql/db-global-setup.sql b/testing/test-utils/src/main/resources/database-scripts/azure-sql/db-global-setup.sql index 2c361c7ded..6aeb4f9c5a 100644 --- a/testing/test-utils/src/main/resources/database-scripts/azure-sql/db-global-setup.sql +++ b/testing/test-utils/src/main/resources/database-scripts/azure-sql/db-global-setup.sql 
@@ -1,4 +1,4 @@
 IF NOT EXISTS (SELECT schema_name FROM information_schema.schemata WHERE schema_name = '${schema}') EXEC('CREATE SCHEMA ${schema}');
 IF NOT EXISTS (SELECT * FROM sys.sysusers WHERE name='${schema}') CREATE USER ${schema} FOR LOGIN ${schema} WITH DEFAULT_SCHEMA = ${schema};
-GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::${schema} TO ${schema};
-GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO ${schema};
\ No newline at end of file
+GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::${schema} TO ${schema};
+GRANT CREATE TABLE TO ${schema};
\ No newline at end of file
diff --git a/testing/test-utils/src/main/resources/database-scripts/oracle/db-global-setup.sql b/testing/test-utils/src/main/resources/database-scripts/oracle/db-global-setup.sql
index aa3c3b6090..14e283cb44 100644
--- a/testing/test-utils/src/main/resources/database-scripts/oracle/db-global-setup.sql
+++ b/testing/test-utils/src/main/resources/database-scripts/oracle/db-global-setup.sql
@@ -3,5 +3,4 @@ CREATE USER ${schema} IDENTIFIED BY 1234
 GRANT UNLIMITED TABLESPACE TO ${schema}
 GRANT CREATE SESSION TO ${schema}
 GRANT CREATE TABLE TO ${schema}
-GRANT CREATE SEQUENCE TO ${schema}
-GRANT ALL PRIVILEGES TO ${schema} IDENTIFIED BY 1234
\ No newline at end of file
+GRANT CREATE SEQUENCE TO ${schema}
\ No newline at end of file
diff --git a/testing/test-utils/src/main/resources/database-scripts/postgres/db-global-setup.sql b/testing/test-utils/src/main/resources/database-scripts/postgres/db-global-setup.sql
index c41885d64b..afd2b48061 100644
--- a/testing/test-utils/src/main/resources/database-scripts/postgres/db-global-setup.sql
+++ b/testing/test-utils/src/main/resources/database-scripts/postgres/db-global-setup.sql
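Review bot: The new schema-level grant in azure-sql/db-global-setup.sql still includes `ALTER` on `SCHEMA::${schema}`, which together with `GRANT CREATE TABLE` lets the runtime user create, change and drop objects in that schema, and the script gives no reason why this is kept while `EXECUTE` and the procedure/function/view rights were dropped. I would add a comment above the grant, for example `-- ALTER + CREATE TABLE are kept so the node can apply its own schema changes; drop both if an admin runs the DDL`, worded to match what the project really requires (the DATABASECHANGELOG tables elsewhere in this diff suggest the node runs migrations, but that is inferred). The same two GRANT lines are repeated in sql-server/db-global-setup.sql, sql-server/db-setup.sql and the SQL Azure block of node-database.rst, so the comment and any later tightening need to land in all of them.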
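Review bot: In oracle/db-global-setup.sql the context line `GRANT UNLIMITED TABLESPACE TO ${schema}` survives the removal of `GRANT ALL PRIVILEGES`, and it is a system privilege that allows the user to consume space in every tablespace, not just the one holding its own objects. If least privilege is the aim of this commit, a per-tablespace quota is the narrower form, e.g. `ALTER USER ${schema} QUOTA UNLIMITED ON <tablespace_name_placeholder>`. The script's first lines are outside the hunk, and the Oracle docs hunk in node-database.rst shows only the last three grants, so whether the documented setup carries the same privilege cannot be confirmed from here.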
@@ -3,8 +3,8 @@ DROP OWNED by "${schema}";
 DROP USER IF EXISTS "${schema}";
 CREATE USER "${schema}" WITH LOGIN password '1234';
 CREATE SCHEMA "${schema}";
-GRANT ALL ON SCHEMA "${schema}" TO "${schema}";
-GRANT ALL ON ALL tables IN SCHEMA "${schema}" TO "${schema}";
-ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT ALL ON tables TO "${schema}";
-GRANT ALL ON ALL sequences IN SCHEMA "${schema}" TO "${schema}";
-ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT ALL ON sequences TO "${schema}";
\ No newline at end of file
+GRANT USAGE, CREATE ON SCHEMA "${schema}" TO "${schema}";
+GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON ALL tables IN SCHEMA "${schema}" TO "${schema}";
+ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT SELECT, INSERT, UPDATE, DELETE, REFERENCES ON tables TO "${schema}";
+GRANT USAGE, SELECT ON ALL sequences IN SCHEMA "${schema}" TO "${schema}";
+ALTER DEFAULT privileges IN SCHEMA "${schema}" GRANT USAGE, SELECT ON sequences TO "${schema}";
\ No newline at end of file
diff --git a/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-global-cleanup.sql b/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-global-cleanup.sql
deleted file mode 100644
index a9df0bb443..0000000000
--- a/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-global-cleanup.sql
+++ /dev/null
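Review bot: The two `ALTER DEFAULT privileges IN SCHEMA ... GRANT ... TO "${schema}"` lines in postgres/db-global-setup.sql carry no `FOR ROLE` clause, so in PostgreSQL they apply only to objects later created by the role that runs this script, not to objects the `"${schema}"` user creates itself. Since the user is also given `CREATE` on the schema, tables it creates are owned by it and keep full owner rights (DROP and TRUNCATE included), so the narrowed privilege list constrains only admin-created objects. A comment above those lines would prevent readers from assuming a tighter boundary than exists, e.g. `-- default privileges cover objects created by the role running this script; objects created by "${schema}" are owned by it`. The same wording would help in the PostgreSQL block of node-database.rst; the script's first lines are outside this hunk.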
@@ -1,55 +0,0 @@
-DROP TABLE IF EXISTS ${schema}.cash_state_participants;
-DROP TABLE IF EXISTS ${schema}.cash_states_v2_participants;
-DROP TABLE IF EXISTS ${schema}.cp_states_v2_participants;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_state_parts;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2_parts;
-DROP TABLE IF EXISTS ${schema}.dummy_deal_states_parts;
-DROP TABLE IF EXISTS ${schema}.node_attachments;
-DROP TABLE IF EXISTS ${schema}.node_checkpoints;
-DROP TABLE IF EXISTS ${schema}.node_transactions;
-DROP TABLE IF EXISTS ${schema}.node_message_retry;
-DROP TABLE IF EXISTS ${schema}.node_message_ids;
-DROP TABLE IF EXISTS ${schema}.vault_states;
-DROP TABLE IF EXISTS ${schema}.node_our_key_pairs;
-DROP TABLE IF EXISTS ${schema}.node_scheduled_states;
-DROP TABLE IF EXISTS ${schema}.node_network_map_nodes;
-DROP TABLE IF EXISTS ${schema}.node_network_map_subscribers;
-DROP TABLE IF EXISTS ${schema}.node_notary_committed_states;
-DROP TABLE IF EXISTS ${schema}.node_notary_request_log;
-DROP TABLE IF EXISTS ${schema}.node_transaction_mappings;
-DROP TABLE IF EXISTS ${schema}.vault_fungible_states_parts;
-DROP TABLE IF EXISTS ${schema}.vault_linear_states_parts;
-DROP TABLE IF EXISTS ${schema}.vault_fungible_states;
-DROP TABLE IF EXISTS ${schema}.vault_linear_states;
-DROP TABLE IF EXISTS ${schema}.node_bft_committed_states;
-DROP TABLE IF EXISTS ${schema}.node_raft_committed_states;
-DROP TABLE IF EXISTS ${schema}.vault_transaction_notes;
-DROP TABLE IF EXISTS ${schema}.link_nodeinfo_party;
-DROP TABLE IF EXISTS ${schema}.node_link_nodeinfo_party;
-DROP TABLE IF EXISTS ${schema}.node_info_party_cert;
-DROP TABLE IF EXISTS ${schema}.node_info_hosts;
-DROP TABLE IF EXISTS ${schema}.node_infos;
-DROP TABLE IF EXISTS ${schema}.cp_states;
-DROP TABLE IF EXISTS ${schema}.node_contract_upgrades;
-DROP TABLE IF EXISTS ${schema}.node_identities;
-DROP TABLE IF EXISTS ${schema}.node_named_identities;
-DROP TABLE IF EXISTS ${schema}.children;
-DROP TABLE IF EXISTS ${schema}.parents;
-DROP TABLE IF EXISTS ${schema}.contract_cash_states;
-DROP TABLE IF EXISTS ${schema}.contract_cash_states_v1;
-DROP TABLE IF EXISTS ${schema}.messages;
-DROP TABLE IF EXISTS ${schema}.state_participants;
-DROP TABLE IF EXISTS ${schema}.cash_states_v2;
-DROP TABLE IF EXISTS ${schema}.cash_states_v3;
-DROP TABLE IF EXISTS ${schema}.cp_states_v1;
-DROP TABLE IF EXISTS ${schema}.cp_states_v2;
-DROP TABLE IF EXISTS ${schema}.dummy_deal_states;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2;
-DROP TABLE IF EXISTS ${schema}.node_mutual_exclusion;
-DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOG;
-DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOGLOCK;
-DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
-DROP LOGIN ${schema};
-DROP USER IF EXISTS ${schema};
-DROP SCHEMA IF EXISTS ${schema};
\ No newline at end of file
diff --git a/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-global-setup.sql b/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-global-setup.sql
deleted file mode 100644
index 89369cdecc..0000000000
--- a/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-global-setup.sql
+++ /dev/null
@@ -1,58 +0,0 @@
-DROP TABLE IF EXISTS ${schema}.cash_state_participants;
-DROP TABLE IF EXISTS ${schema}.cash_states_v2_participants;
-DROP TABLE IF EXISTS ${schema}.cp_states_v2_participants;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_state_parts;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2_parts;
-DROP TABLE IF EXISTS ${schema}.dummy_deal_states_parts;
-DROP TABLE IF EXISTS ${schema}.node_attachments;
-DROP TABLE IF EXISTS ${schema}.node_checkpoints;
-DROP TABLE IF EXISTS ${schema}.node_transactions;
-DROP TABLE IF EXISTS ${schema}.node_message_retry;
-DROP TABLE IF EXISTS ${schema}.node_message_ids;
-DROP TABLE IF EXISTS ${schema}.vault_states;
-DROP TABLE IF EXISTS ${schema}.node_our_key_pairs;
-DROP TABLE IF EXISTS ${schema}.node_scheduled_states;
-DROP TABLE IF EXISTS ${schema}.node_network_map_nodes;
-DROP TABLE IF EXISTS ${schema}.node_network_map_subscribers;
-DROP TABLE IF EXISTS ${schema}.node_notary_committed_states;
-DROP TABLE IF EXISTS ${schema}.node_notary_request_log;
-DROP TABLE IF EXISTS ${schema}.node_transaction_mappings;
-DROP TABLE IF EXISTS ${schema}.vault_fungible_states_parts;
-DROP TABLE IF EXISTS ${schema}.vault_linear_states_parts;
-DROP TABLE IF EXISTS ${schema}.vault_fungible_states;
-DROP TABLE IF EXISTS ${schema}.vault_linear_states;
-DROP TABLE IF EXISTS ${schema}.node_bft_committed_states;
-DROP TABLE IF EXISTS ${schema}.node_raft_committed_states;
-DROP TABLE IF EXISTS ${schema}.vault_transaction_notes;
-DROP TABLE IF EXISTS ${schema}.link_nodeinfo_party;
-DROP TABLE IF EXISTS ${schema}.node_link_nodeinfo_party;
-DROP TABLE IF EXISTS ${schema}.node_info_party_cert;
-DROP TABLE IF EXISTS ${schema}.node_info_hosts;
-DROP TABLE IF EXISTS ${schema}.node_infos;
-DROP TABLE IF EXISTS ${schema}.cp_states;
-DROP TABLE IF EXISTS ${schema}.node_contract_upgrades;
-DROP TABLE IF EXISTS ${schema}.node_identities;
-DROP TABLE IF EXISTS ${schema}.node_named_identities;
-DROP TABLE IF EXISTS ${schema}.children;
-DROP TABLE IF EXISTS ${schema}.parents;
-DROP TABLE IF EXISTS ${schema}.contract_cash_states;
-DROP TABLE IF EXISTS ${schema}.messages;
-DROP TABLE IF EXISTS ${schema}.state_participants;
-DROP TABLE IF EXISTS ${schema}.cash_states_v2;
-DROP TABLE IF EXISTS ${schema}.cash_states_v3;
-DROP TABLE IF EXISTS ${schema}.cp_states_v2;
-DROP TABLE IF EXISTS ${schema}.dummy_deal_states;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2;
-DROP TABLE IF EXISTS ${schema}.node_mutual_exclusion;
-DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
-DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOG;
-DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOGLOCK;
-DROP USER IF EXISTS ${schema};
-DROP LOGIN ${schema};
-DROP SCHEMA IF EXISTS ${schema};
-CREATE LOGIN ${schema} WITH PASSWORD = 'yourStrong(!)Password';
-IF NOT EXISTS (SELECT schema_name FROM information_schema.schemata WHERE schema_name = '${schema}') EXEC('CREATE SCHEMA ${schema}');
-IF NOT EXISTS (SELECT * FROM sys.sysusers WHERE name='${schema}') CREATE USER ${schema} FOR LOGIN ${schema};
-GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::${schema} TO ${schema};
-GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO ${schema};
\ No newline at end of file
diff --git a/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-setup.sql b/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-setup.sql
deleted file mode 100644
index 8d6cced78d..0000000000
--- a/testing/test-utils/src/main/resources/database-scripts/sql-server-no-default-schema/db-setup.sql
+++ /dev/null
@@ -1,52 +0,0 @@
-DROP TABLE IF EXISTS ${schema}.cash_state_participants;
-DROP TABLE IF EXISTS ${schema}.cash_states_v2_participants;
-DROP TABLE IF EXISTS ${schema}.cp_states_v2_participants;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_state_parts;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2_parts;
-DROP TABLE IF EXISTS ${schema}.dummy_deal_states_parts;
-DROP TABLE IF EXISTS ${schema}.node_attachments;
-DROP TABLE IF EXISTS ${schema}.node_checkpoints;
-DROP TABLE IF EXISTS ${schema}.node_transactions;
-DROP TABLE IF EXISTS ${schema}.node_message_retry;
-DROP TABLE IF EXISTS ${schema}.node_message_ids;
-DROP TABLE IF EXISTS ${schema}.vault_states;
-DROP TABLE IF EXISTS ${schema}.node_our_key_pairs;
-DROP TABLE IF EXISTS ${schema}.node_scheduled_states;
-DROP TABLE IF EXISTS ${schema}.node_network_map_nodes;
-DROP TABLE IF EXISTS ${schema}.node_network_map_subscribers;
-DROP TABLE IF EXISTS ${schema}.node_notary_committed_states;
-DROP TABLE IF EXISTS ${schema}.node_notary_request_log;
-DROP TABLE IF EXISTS ${schema}.node_transaction_mappings;
-DROP TABLE IF EXISTS ${schema}.vault_fungible_states_parts;
-DROP TABLE IF EXISTS ${schema}.vault_linear_states_parts;
-DROP TABLE IF EXISTS ${schema}.vault_fungible_states;
-DROP TABLE IF EXISTS ${schema}.vault_linear_states;
-DROP TABLE IF EXISTS ${schema}.node_bft_committed_states;
-DROP TABLE IF EXISTS ${schema}.node_raft_committed_states;
-DROP TABLE IF EXISTS ${schema}.vault_transaction_notes;
-DROP TABLE IF EXISTS ${schema}.link_nodeinfo_party;
-DROP TABLE IF EXISTS ${schema}.node_link_nodeinfo_party;
-DROP TABLE IF EXISTS ${schema}.node_info_party_cert;
-DROP TABLE IF EXISTS ${schema}.node_info_hosts;
-DROP TABLE IF EXISTS ${schema}.node_infos;
-DROP TABLE IF EXISTS ${schema}.cp_states;
-DROP TABLE IF EXISTS ${schema}.node_contract_upgrades;
-DROP TABLE IF EXISTS ${schema}.node_identities;
-DROP TABLE IF EXISTS ${schema}.node_named_identities;
-DROP TABLE IF EXISTS ${schema}.children;
-DROP TABLE IF EXISTS ${schema}.parents;
-DROP TABLE IF EXISTS ${schema}.contract_cash_states;
-DROP TABLE IF EXISTS ${schema}.contract_cash_states_v1;
-DROP TABLE IF EXISTS ${schema}.messages;
-DROP TABLE IF EXISTS ${schema}.state_participants;
-DROP TABLE IF EXISTS ${schema}.cash_states_v2;
-DROP TABLE IF EXISTS ${schema}.cash_states_v3;
-DROP TABLE IF EXISTS ${schema}.cp_states_v1;
-DROP TABLE IF EXISTS ${schema}.cp_states_v2;
-DROP TABLE IF EXISTS ${schema}.dummy_deal_states;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states;
-DROP TABLE IF EXISTS ${schema}.dummy_linear_states_v2;
-DROP TABLE IF EXISTS ${schema}.node_mutual_exclusion;
-DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOG;
-DROP TABLE IF EXISTS ${schema}.DATABASECHANGELOGLOCK;
-DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
\ No newline at end of file
diff --git a/testing/test-utils/src/main/resources/database-scripts/sql-server/db-global-setup.sql b/testing/test-utils/src/main/resources/database-scripts/sql-server/db-global-setup.sql
index 03fdaa0d8f..3ae1b58e7e 100644
--- a/testing/test-utils/src/main/resources/database-scripts/sql-server/db-global-setup.sql
+++ b/testing/test-utils/src/main/resources/database-scripts/sql-server/db-global-setup.sql
@@ -68,10 +68,9 @@ DROP TABLE IF EXISTS ${schema}.network_parameters;
 DROP TABLE IF EXISTS ${schema}.private_network;
 DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
 DROP USER IF EXISTS ${schema};
-DROP LOGIN ${schema};
 DROP SCHEMA IF EXISTS ${schema};
 IF NOT EXISTS (SELECT * FROM sys.server_principals WHERE name = N'${schema}') CREATE LOGIN ${schema} WITH PASSWORD = 'yourStrong(!)Password';
 CREATE SCHEMA ${schema};
 CREATE USER ${schema} FOR LOGIN ${schema} WITH DEFAULT_SCHEMA = ${schema};
-GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::${schema} TO ${schema};
-GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO ${schema};
\ No newline at end of file
+GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::${schema} TO ${schema};
+GRANT CREATE TABLE TO ${schema};
\ No newline at end of file
diff --git a/testing/test-utils/src/main/resources/database-scripts/sql-server/db-setup.sql b/testing/test-utils/src/main/resources/database-scripts/sql-server/db-setup.sql
index 02f97e118f..82498276cb 100644
--- a/testing/test-utils/src/main/resources/database-scripts/sql-server/db-setup.sql
+++ b/testing/test-utils/src/main/resources/database-scripts/sql-server/db-setup.sql
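Review bot: With `DROP LOGIN ${schema};` removed from sql-server/db-global-setup.sql, the guarded `IF NOT EXISTS (...) CREATE LOGIN` reuses any login left over from an earlier run, so that login's existing password and any server-level role membership or permissions it already holds carry over unchanged. The tightened GRANTs only shape the database user, which is dropped and recreated here, so the script no longer guarantees a clean principal end to end. I would state the expectation in a comment above the CREATE LOGIN line, e.g. `-- login is kept across runs; it is expected to hold no server-level roles beyond public`. The earlier part of the script is outside this hunk.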
@@ -69,5 +69,5 @@ DROP TABLE IF EXISTS ${schema}.private_network;
 DROP SEQUENCE IF EXISTS ${schema}.hibernate_sequence;
 IF NOT EXISTS (SELECT schema_name FROM information_schema.schemata WHERE schema_name = '${schema}') EXEC('CREATE SCHEMA ${schema}');
 IF NOT EXISTS (SELECT * FROM sys.sysusers WHERE name='${schema}') CREATE USER ${schema} FOR LOGIN ${schema} WITH DEFAULT_SCHEMA = ${schema};
-GRANT ALTER, DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, VIEW DEFINITION ON SCHEMA::${schema} TO ${schema};
-GRANT CREATE TABLE, CREATE PROCEDURE, CREATE FUNCTION, CREATE VIEW TO ${schema};
\ No newline at end of file
+GRANT SELECT, INSERT, UPDATE, DELETE, VIEW DEFINITION, ALTER, REFERENCES ON SCHEMA::${schema} TO ${schema};
+GRANT CREATE TABLE TO ${schema};
\ No newline at end of file