-- sa_db_users.sql is run by test/create_db.sh to create users for each
-- component with the appropriate permissions.
-- Component accounts. CREATE USER IF NOT EXISTS requires MariaDB 10.1+ and
-- lets the script be re-run on a server where the accounts already exist.
-- Every account is bound to localhost. A newly created account holds no
-- privileges until a GRANT statement in this file adds them.
-- NOTE(review): there is no IDENTIFIED clause, so these accounts are created
-- without a password. That fits a local test database. Confirm this file is
-- never used to provision a shared or production server.
CREATE USER IF NOT EXISTS 'sa'@'localhost';
CREATE USER IF NOT EXISTS 'sa_ro'@'localhost';
CREATE USER IF NOT EXISTS 'ocsp_resp'@'localhost';
CREATE USER IF NOT EXISTS 'ocsp_update'@'localhost';
CREATE USER IF NOT EXISTS 'ocsp_update_ro'@'localhost';
CREATE USER IF NOT EXISTS 'revoker'@'localhost';
CREATE USER IF NOT EXISTS 'mailer'@'localhost';
CREATE USER IF NOT EXISTS 'cert_checker'@'localhost';
CREATE USER IF NOT EXISTS 'badkeyrevoker'@'localhost';
CREATE USER IF NOT EXISTS 'test_setup'@'localhost';
-- No GRANT for the two accounts below appears in this file.
-- TODO confirm whether they are still needed.
CREATE USER IF NOT EXISTS 'policy'@'localhost';
CREATE USER IF NOT EXISTS 'importer'@'localhost';
-- Storage Authority, read-write account.
-- Unqualified table names resolve against the database that is selected when
-- the script runs. The grants are grouped by how much the account may change.
--
-- Insert and read only: no UPDATE or DELETE is granted on these tables.
GRANT SELECT, INSERT         ON certificates        TO 'sa'@'localhost';
GRANT SELECT, INSERT         ON issuedNames         TO 'sa'@'localhost';
GRANT SELECT, INSERT         ON fqdnSets            TO 'sa'@'localhost';
GRANT SELECT, INSERT         ON requestedNames      TO 'sa'@'localhost';
GRANT SELECT, INSERT         ON orderToAuthz2       TO 'sa'@'localhost';
GRANT SELECT, INSERT         ON serials             TO 'sa'@'localhost';
GRANT SELECT, INSERT         ON precertificates     TO 'sa'@'localhost';
GRANT SELECT, INSERT         ON keyHashToSerial     TO 'sa'@'localhost';
GRANT SELECT, INSERT         ON blockedKeys         TO 'sa'@'localhost';
-- Existing rows may also be updated in place.
GRANT SELECT, INSERT, UPDATE ON certificateStatus   TO 'sa'@'localhost';
GRANT SELECT, INSERT, UPDATE ON certificatesPerName TO 'sa'@'localhost';
GRANT SELECT, INSERT, UPDATE ON registrations       TO 'sa'@'localhost';
GRANT SELECT, INSERT, UPDATE ON orders              TO 'sa'@'localhost';
GRANT SELECT, INSERT, UPDATE ON authz2              TO 'sa'@'localhost';
GRANT SELECT, INSERT, UPDATE ON newOrdersRL         TO 'sa'@'localhost';
-- The only table in this section on which DELETE is granted.
GRANT SELECT, INSERT, DELETE ON orderFqdnSets       TO 'sa'@'localhost';
-- Storage Authority, read-only account.
-- SELECT only, on the same sixteen tables that the sa account is granted.
-- No write privilege of any kind is given to this account here.
GRANT SELECT ON certificates        TO 'sa_ro'@'localhost';
GRANT SELECT ON certificateStatus   TO 'sa_ro'@'localhost';
GRANT SELECT ON issuedNames         TO 'sa_ro'@'localhost';
GRANT SELECT ON certificatesPerName TO 'sa_ro'@'localhost';
GRANT SELECT ON registrations       TO 'sa_ro'@'localhost';
GRANT SELECT ON fqdnSets            TO 'sa_ro'@'localhost';
GRANT SELECT ON orders              TO 'sa_ro'@'localhost';
GRANT SELECT ON requestedNames      TO 'sa_ro'@'localhost';
GRANT SELECT ON orderFqdnSets       TO 'sa_ro'@'localhost';
GRANT SELECT ON authz2              TO 'sa_ro'@'localhost';
GRANT SELECT ON orderToAuthz2       TO 'sa_ro'@'localhost';
GRANT SELECT ON serials             TO 'sa_ro'@'localhost';
GRANT SELECT ON precertificates     TO 'sa_ro'@'localhost';
GRANT SELECT ON keyHashToSerial     TO 'sa_ro'@'localhost';
GRANT SELECT ON blockedKeys         TO 'sa_ro'@'localhost';
GRANT SELECT ON newOrdersRL         TO 'sa_ro'@'localhost';
-- OCSP Responder.
-- Read-only, and certificateStatus is the single table it is granted here.
GRANT SELECT
    ON certificateStatus
    TO 'ocsp_resp'@'localhost';
-- OCSP Generator Tool (Updater), read-write account.
-- UPDATE is granted on certificateStatus only. The two certificate tables
-- are readable but not writable by this account.
GRANT SELECT         ON certificates      TO 'ocsp_update'@'localhost';
GRANT SELECT         ON precertificates   TO 'ocsp_update'@'localhost';
GRANT SELECT, UPDATE ON certificateStatus TO 'ocsp_update'@'localhost';
-- OCSP Generator Tool (Updater), read-only account: SELECT on the same tables.
GRANT SELECT         ON certificates      TO 'ocsp_update_ro'@'localhost';
GRANT SELECT         ON precertificates   TO 'ocsp_update_ro'@'localhost';
GRANT SELECT         ON certificateStatus TO 'ocsp_update_ro'@'localhost';
-- Revoker Tool.
-- Read access to four tables. blockedKeys is the only table this account
-- may UPDATE, and it is given neither INSERT nor DELETE anywhere.
GRANT SELECT         ON registrations   TO 'revoker'@'localhost';
GRANT SELECT         ON certificates    TO 'revoker'@'localhost';
GRANT SELECT         ON precertificates TO 'revoker'@'localhost';
GRANT SELECT         ON keyHashToSerial TO 'revoker'@'localhost';
GRANT SELECT, UPDATE ON blockedKeys     TO 'revoker'@'localhost';
-- Expiration mailer.
-- Reads certificates, registrations and fqdnSets. certificateStatus is the
-- only table it may UPDATE.
-- NOTE(review): registrations is readable in full by this account. Confirm
-- that table-wide SELECT is required rather than a narrower column grant.
GRANT SELECT         ON certificates      TO 'mailer'@'localhost';
GRANT SELECT         ON registrations     TO 'mailer'@'localhost';
GRANT SELECT         ON fqdnSets          TO 'mailer'@'localhost';
GRANT SELECT, UPDATE ON certificateStatus TO 'mailer'@'localhost';
-- Cert checker.
-- Read-only, and certificates is the single table it is granted here.
GRANT SELECT
    ON certificates
    TO 'cert_checker'@'localhost';
-- Bad Key Revoker.
-- blockedKeys is the only table this account may UPDATE. The remaining four
-- tables are read-only for it, and no INSERT or DELETE is granted.
GRANT SELECT, UPDATE ON blockedKeys       TO 'badkeyrevoker'@'localhost';
GRANT SELECT         ON keyHashToSerial   TO 'badkeyrevoker'@'localhost';
GRANT SELECT         ON certificateStatus TO 'badkeyrevoker'@'localhost';
GRANT SELECT         ON precertificates   TO 'badkeyrevoker'@'localhost';
GRANT SELECT         ON registrations     TO 'badkeyrevoker'@'localhost';
-- Test setup and teardown.
-- The bare * scopes this grant to the database selected when the script
-- runs, not to every database on the server. Within that database the
-- account can read, change and drop every table.
-- NOTE(review): this is by far the broadest grant in the file, on an account
-- that is created without a password. Keep it confined to test databases.
GRANT ALL PRIVILEGES
    ON *
    TO 'test_setup'@'localhost';
-- Temporary fqdnSets_old permissions.
-- Each account receives the same privileges here that it holds on fqdnSets.
-- TODO(#5670): Remove these when partitioning is fixed, so that no grant
-- outlives the table it was written for.
GRANT SELECT, INSERT ON fqdnSets_old TO 'sa'@'localhost';
GRANT SELECT         ON fqdnSets_old TO 'sa_ro'@'localhost';
GRANT SELECT         ON fqdnSets_old TO 'mailer'@'localhost';