Minimise permissions for planetdump and planetdiff users
authorTom Hughes <tom@compton.nu>
Fri, 6 Oct 2023 07:13:50 +0000 (08:13 +0100)
committerTom Hughes <tom@compton.nu>
Fri, 6 Oct 2023 07:13:50 +0000 (08:13 +0100)
cookbooks/db/recipes/master.rb

index 53946e15dcc22b168e68cffe837b6d6e139d9d15..c2450a7a46444bcd498d296e9439f1dfdb5f8d2e 100644 (file)
@@ -117,12 +117,24 @@ end
   gpx_files
   languages
   messages
-  note_comments
-  notes
   redactions
   schema_migrations
   user_preferences
   user_tokens
+].each do |table|
+  postgresql_table table do
+    cluster node[:db][:cluster]
+    database "openstreetmap"
+    owner "openstreetmap"
+    permissions "openstreetmap" => [:all],
+                "rails" => [:select, :insert, :update, :delete],
+                "backup" => [:select]
+  end
+end
+
+%w[
+  note_comments
+  notes
 ].each do |table|
   postgresql_table table do
     cluster node[:db][:cluster]
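Review bot: Leaving `planetdump` and `planetdiff` out of the `permissions` hash in the new first block only narrows access if `postgresql_table` revokes privileges from roles that are no longer listed, and the resource's implementation is not visible in this diff. If it only issues grants for the listed roles, the old `SELECT` privileges on tables such as `user_tokens` and `messages` would remain in the database after the run. It is worth checking on the cluster after converge, for example `SELECT has_table_privilege('planetdiff', 'user_tokens', 'SELECT');` should return false. The same check applies to the roles removed in the later hunks. The `%w[` list opens above this hunk and the body of the second block continues below it.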
@@ -131,7 +143,6 @@ end
     permissions "openstreetmap" => [:all],
                 "rails" => [:select, :insert, :update, :delete],
                 "planetdump" => [:select],
-                "planetdiff" => [:select],
                 "backup" => [:select]
   end
 end
@@ -139,9 +150,20 @@ end
 %w[
   changeset_comments
   changeset_tags
-  client_applications
-  user_blocks
-  user_roles
+].each do |table|
+  postgresql_table table do
+    cluster node[:db][:cluster]
+    database "openstreetmap"
+    owner "openstreetmap"
+    permissions "openstreetmap" => [:all],
+                "rails" => [:select, :insert, :update, :delete],
+                "cgimap" => [:select],
+                "planetdiff" => [:select],
+                "backup" => [:select]
+  end
+end
+
+%w[
   users
 ].each do |table|
   postgresql_table table do
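Review bot: The new block for `changeset_comments` and `changeset_tags` keeps `"planetdiff" => [:select]` but has no `planetdump` entry, and nothing in the file says whether that omission is deliberate. Now that the grants differ per group, a one-line comment above each `%w[` list would let a later reader tell an intended restriction from an oversight, for example `# planetdiff reads these for replication; planetdump does not query them` if that is the intent. The `postgresql_table` body is now repeated with only the `permissions` hash changing, so an accidental extra role in one copy would be easy to miss in review. The block for `users` continues past the end of this hunk.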
@@ -165,7 +187,6 @@ end
     permissions "openstreetmap" => [:all],
                 "rails" => [:select, :insert, :update, :delete],
                 "cgimap" => [:select, :update],
-                "planetdump" => [:select],
                 "planetdiff" => [:select],
                 "backup" => [:select]
   end
@@ -183,8 +204,6 @@ end
     permissions "openstreetmap" => [:all],
                 "rails" => [:select, :insert, :update, :delete],
                 "cgimap" => [:select, :insert, :update],
-                "planetdump" => [:select],
-                "planetdiff" => [:select],
                 "backup" => [:select]
   end
 end
@@ -203,8 +222,6 @@ end
     permissions "openstreetmap" => [:all],
                 "rails" => [:select, :insert, :update, :delete],
                 "cgimap" => [:select, :insert, :delete],
-                "planetdump" => [:select],
-                "planetdiff" => [:select],
                 "backup" => [:select]
   end
 end
@@ -226,17 +243,19 @@ end
     permissions "openstreetmap" => [:all],
                 "rails" => [:select, :insert, :update, :delete],
                 "cgimap" => [:select, :insert],
-                "planetdump" => [:select],
                 "planetdiff" => [:select],
                 "backup" => [:select]
   end
 end
 
 %w[
+  client_applications
   oauth_access_grants
   oauth_access_tokens
   oauth_applications
   oauth_tokens
+  user_blocks
+  user_roles
 ].each do |table|
   postgresql_table table do
     cluster node[:db][:cluster]
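Review bot: Moving `client_applications`, `user_blocks` and `user_roles` into this list means their grants are now whatever this block's `permissions` hash declares, and that hash lies below the end of the hunk. Before merging, confirm the hash lists neither `planetdump` nor `planetdiff`. Also confirm that the `cgimap` privileges on these three tables are no wider than they were in the `users` block they came from. A short comment above the list, such as `# authentication and moderation tables: no access for the planet export roles`, would record the intent if that is what the grouping means.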