From 58288aeda28b11490da5681bfe35deee90de07af Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 19 Jun 2025 17:26:01 +0100
Subject: [PATCH] Give grant read access to the database

---
 cookbooks/db/recipes/master.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb
index a376e5e17..c56c0557d 100644
--- a/cookbooks/db/recipes/master.rb
+++ b/cookbooks/db/recipes/master.rb
@@ -26,6 +26,10 @@ postgresql_user "tomh" do
   superuser true
 end
 
+postgresql_user "grant" do
+  cluster node[:db][:cluster]
+end
+
 postgresql_user "openstreetmap" do
   cluster node[:db][:cluster]
   password passwords["openstreetmap"]
@@ -197,7 +201,8 @@ PROMETHEUS_PERMISSIONS = {
                 "planetdump" => PLANETDUMP_PERMISSIONS[table],
                 "planetdiff" => PLANETDIFF_PERMISSIONS[table],
                 "prometheus" => PROMETHEUS_PERMISSIONS[table],
-                "backup" => [:select]
+                "backup" => [:select],
+                "grant" => [:select]
   end
 end
 
@@ -241,7 +246,8 @@ end
     permissions "openstreetmap" => [:all],
                 "rails" => [:usage],
                 "cgimap" => CGIMAP_PERMISSIONS[sequence],
-                "backup" => [:select]
+                "backup" => [:select],
+                "grant" => [:select]
   end
 end
 
-- 
2.39.5