dev/benchmarking/ddl/5_00_permissions.sql - arrow-experimental-rs-parquet2 - Git at Google

 /*
   Licensed to the Apache Software Foundation (ASF) under one
   or more contributor license agreements.  See the NOTICE file
   distributed with this work for additional information
   regarding copyright ownership.  The ASF licenses this file
   to you under the Apache License, Version 2.0 (the
   "License"); you may not use this file except in compliance
   with the License.  You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing,
   software distributed under the License is distributed on an
   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   KIND, either express or implied.  See the License for the
   specific language governing permissions and limitations
   under the License.
 */
 ---------------------------- ROLES ----------------------------
 -- ARROW_WEB
 CREATE ROLE arrow_web login password 'arrow';
 COMMENT ON ROLE arrow_web IS 'Anonymous login user.';

 -- ARROW_ADMIN
 CREATE ROLE arrow_admin;
 COMMENT ON ROLE arrow_admin
   IS 'Can select, insert, update, and delete on all public tables.';

 -- ARROW_ANONYMOUS
 CREATE ROLE arrow_anonymous;
 COMMENT ON ROLE arrow_anonymous
   IS 'Can insert and select on all public tables.';

 GRANT arrow_anonymous TO arrow_web;


 ---------------------------- PRIVILEGES ----------------------------
 GRANT USAGE ON SCHEMA public TO arrow_anonymous, arrow_admin;

 -- ARROW_ADMIN
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO arrow_admin;
 GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public to arrow_admin;
 GRANT SELECT, UPDATE, INSERT, DELETE ON ALL TABLES IN SCHEMA public
   TO arrow_admin;

 -- ARROW_ANONYMOUS
 GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO arrow_anonymous;
 GRANT SELECT ON ALL TABLES IN SCHEMA public TO arrow_anonymous;
 GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public to arrow_anonymous;
 GRANT INSERT ON
   public.benchmark
   , public.benchmark_language
   , public.dependencies
   , public.language_implementation_version
   , public.benchmark_run
   , public.benchmark_type
   , public.cpu
   , public.environment
   , public.environment_view
   , public.gpu
   , public.machine
   , public.machine_view
   , public.os
   , public.unit
   --, public.project  -- The only disallowed table is `project`.
   , public.benchmark_run_view
   , public.benchmark_view
   , public.environment_view
   , public.full_benchmark_run_view
   , public.language_implementation_version_view
   , public.machine_view
   , public.unit_view
 TO arrow_anonymous;
	/*
	Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.
	*/
	---------------------------- ROLES ----------------------------
	-- ARROW_WEB
	CREATE ROLE arrow_web login password 'arrow';
	COMMENT ON ROLE arrow_web IS 'Anonymous login user.';

	-- ARROW_ADMIN
	CREATE ROLE arrow_admin;
	COMMENT ON ROLE arrow_admin
	IS 'Can select, insert, update, and delete on all public tables.';

	-- ARROW_ANONYMOUS
	CREATE ROLE arrow_anonymous;
	COMMENT ON ROLE arrow_anonymous
	IS 'Can insert and select on all public tables.';

	GRANT arrow_anonymous TO arrow_web;


	---------------------------- PRIVILEGES ----------------------------
	GRANT USAGE ON SCHEMA public TO arrow_anonymous, arrow_admin;

	-- ARROW_ADMIN
	GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO arrow_admin;
	GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public to arrow_admin;
	GRANT SELECT, UPDATE, INSERT, DELETE ON ALL TABLES IN SCHEMA public
	TO arrow_admin;

	-- ARROW_ANONYMOUS
	GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO arrow_anonymous;
	GRANT SELECT ON ALL TABLES IN SCHEMA public TO arrow_anonymous;
	GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public to arrow_anonymous;
	GRANT INSERT ON
	public.benchmark
	, public.benchmark_language
	, public.dependencies
	, public.language_implementation_version
	, public.benchmark_run
	, public.benchmark_type
	, public.cpu
	, public.environment
	, public.environment_view
	, public.gpu
	, public.machine
	, public.machine_view
	, public.os
	, public.unit
	--, public.project -- The only disallowed table is `project`.
	, public.benchmark_run_view
	, public.benchmark_view
	, public.environment_view
	, public.full_benchmark_run_view
	, public.language_implementation_version_view
	, public.machine_view
	, public.unit_view
	TO arrow_anonymous;