Skip to content

feat(public-catalog): add GRANT USAGE on catalog, attribute, tenant schemas and SELECT on tables to public_catalog_updater_user in prod #354

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

feat(public-catalog): add GRANT USAGE on catalog, attribute, tenant schemas and SELECT on tables to public_catalog_updater_user in prod #354

wants to merge 3 commits into from
+15 −0

Conversation

@micheledellipaoli-pagopa
Copy link
Contributor

@micheledellipaoli-pagopa micheledellipaoli-pagopa commented Oct 28, 2025

No description provided.

@micheledellipaoli-pagopa micheledellipaoli-pagopa changed the title feat: add GRANT USAGE on catalog, attribute, tenant schemas and SELECT on tables to public_catalog_updater_user feat(public-catalog): add GRANT USAGE on catalog, attribute, tenant schemas and SELECT on tables to public_catalog_updater_user in prod Oct 28, 2025
paolomanca-pagopa
paolomanca-pagopa reviewed Oct 28, 2025
View reviewed changes
commons/prod/configmaps/flyway-readmodel-catalog-configmap.yaml
V1.2__Grant_Select_to_PublicCatalogUpdater.sql: |-
GRANT USAGE ON SCHEMA "${NAMESPACE}_catalog" to "public_catalog_updater_user";
GRANT SELECT ON TABLE "${NAMESPACE}_catalog".eservice TO "public_catalog_updater_user";
Copy link
Contributor

@paolomanca-pagopa paolomanca-pagopa Oct 28, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure about to give this granular permissions on specific tables?
A join with another table is enough to cause a permission error.

Otherwise you can set:
GRANT SELECT ON ALL TABLES IN SCHEMA "${NAMESPACE}_catalog".eservice TO "public_catalog_updater_user";

Same for other migration files

Copy link
Contributor

@micdes-pagopa micdes-pagopa Oct 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We opted to be as granular as possible with this user since it will copy data from the "private" catalog to the public catalog

@galales galales mentioned this pull request Nov 27, 2025
Merged
@galales
Copy link
Contributor

galales commented Nov 27, 2025

replaced by #435

@galales galales closed this Nov 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@galales galales galales approved these changes

@paolomanca-pagopa paolomanca-pagopa paolomanca-pagopa approved these changes

@micdes-pagopa micdes-pagopa Awaiting requested review from micdes-pagopa micdes-pagopa is a code owner

@beetlecrunch beetlecrunch Awaiting requested review from beetlecrunch beetlecrunch is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@micheledellipaoli-pagopa @galales @micdes-pagopa @paolomanca-pagopa