CSPACE-3226 - Added grants for reader account to mysql db setup. Enables report autho...

author Patrick Schmitz <pschmitz@berkeley.edu>

Fri, 3 Dec 2010 23:06:24 +0000 (23:06 +0000)

committer Patrick Schmitz <pschmitz@berkeley.edu>

Fri, 3 Dec 2010 23:06:24 +0000 (23:06 +0000)
author Patrick Schmitz <pschmitz@berkeley.edu>
Fri, 3 Dec 2010 23:06:24 +0000 (23:06 +0000)
committer Patrick Schmitz <pschmitz@berkeley.edu>
Fri, 3 Dec 2010 23:06:24 +0000 (23:06 +0000)
diff --git a/src/main/resources/db/mysql/init_db.sql b/src/main/resources/db/mysql/init_db.sql

index 3e58963efb1b71f44bb02c69af0f7bf3e80b9149..03e8875e4a87403bb9f9b24695366f7460c01d98 100644 (file)
--- a/src/main/resources/db/mysql/init_db.sql
+++ b/src/main/resources/db/mysql/init_db.sql
@@ -37,5 +37,16 @@ FLUSH PRIVILEGES;
  GRANT ALL PRIVILEGES ON cspace.* TO 'test'@'localhost' IDENTIFIED BY 'test' WITH GRANT OPTION;\r
  FLUSH PRIVILEGES;\r
  GRANT ALL PRIVILEGES ON nuxeo.* TO 'test'@'localhost' IDENTIFIED BY 'test' WITH GRANT OPTION;\r
+--\r
+-- Grant privileges to read-only user on Nuxeo, for reporting. \r
+--\r
+GRANT SELECT ON nuxeo.* TO 'reader'@'localhost' IDENTIFIED BY 'read';\r
+--\r
+-- Grant privileges to remote read-only users on Nuxeo, for reporting. \r
+-- These should be changed to reflect your domain. Avoid specifying\r
+-- 'reader'@'%' (while simple and flexible, this is a potential security hole).\r
+--\r
+GRANT SELECT ON nuxeo.* TO 'reader'@'%.berkeley.edu' IDENTIFIED BY 'read';\r
+GRANT SELECT ON nuxeo.* TO 'reader'@'%.movingimage.us' IDENTIFIED BY 'read';\r
  FLUSH PRIVILEGES;\r
  \r
author	Patrick Schmitz <pschmitz@berkeley.edu>
	Fri, 3 Dec 2010 23:06:24 +0000 (23:06 +0000)
committer	Patrick Schmitz <pschmitz@berkeley.edu>
	Fri, 3 Dec 2010 23:06:24 +0000 (23:06 +0000)