
Commit 4054ad0

Merge pull request #52 from constructive-io/devin/1774834789-sync-stp-comment
docs(secure_table_provision): clarify grant_privileges defaults to empty (no grants)
2 parents 874490c + de0b03c commit 4054ad0

2 files changed

Lines changed: 2 additions & 2 deletions


packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/secure_table_provision/table.sql

Lines changed: 1 addition & 1 deletion
@@ -80,7 +80,7 @@ COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_roles I
8080
'Database roles to grant privileges to. Supports multiple roles, e.g. ARRAY[''authenticated'', ''admin'']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY[''authenticated''].';
8181

8282
COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_privileges IS
83-
'PostgreSQL array of jsonb [privilege, columns] tuples defining table grants. Examples: ARRAY[''["select","*"]''::jsonb, ''["insert","*"]''::jsonb] for full access, or ARRAY[''["update",["name","bio"]]''::jsonb] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to ''{}'' (no grants). Type safety is enforced by PostgreSQL at INSERT time.';
83+
'PostgreSQL array of jsonb [privilege, columns] tuples defining table grants. Examples: ARRAY[''["select","*"]''::jsonb, ''["insert","*"]''::jsonb] for full access, or ARRAY[''["update",["name","bio"]]''::jsonb] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to ''{}'' (no grants — callers must explicitly specify privileges). Type safety is enforced by PostgreSQL at INSERT time.';
8484

8585
COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.policy_type IS
8686
'Policy generator type, e.g. ''AuthzEntityMembership'', ''AuthzMembership'', ''AuthzAllowAll''. NULL means no policy is created. When set, the trigger automatically enables RLS on the target table.';
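
Review bot: The grant_roles comment kept as context at the top of this hunk still says each role "receives all privileges defined in grant_privileges" and "Defaults to ARRAY[''authenticated'']", with no mention that under the defaults this results in no grants at all. Since the purpose of the new wording on grant_privileges is to make the empty default explicit, consider carrying the same caveat into grant_roles, for example "With the default grant_privileges, no privileges are granted to these roles", so a reader who only consults grant_roles does not assume authenticated gets access. The policy_type comment at the end of the hunk has a related gap: it says setting it enables RLS on the target table, but not how that interacts with an empty grant_privileges.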

packages/metaschema-modules/sql/metaschema-modules--0.15.5.sql

Lines changed: 1 addition & 1 deletion
@@ -421,7 +421,7 @@ COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.node_data IS
421421

422422
COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_roles IS 'Database roles to grant privileges to. Supports multiple roles, e.g. ARRAY[''authenticated'', ''admin'']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY[''authenticated''].';
423423

424-
COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_privileges IS 'Array of [privilege, columns] tuples defining table grants. Examples: [["select","*"],["insert","*"]] for full access, or [["update",["name","bio"]]] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to ''[]'' (no grants). The trigger validates this is a proper jsonb array.';
424+
COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.grant_privileges IS 'Array of [privilege, columns] tuples defining table grants. Examples: [["select","*"],["insert","*"]] for full access, or [["update",["name","bio"]]] for column-level grants. "*" means all columns; an array means column-level grant. Defaults to ''[]'' (no grants — callers must explicitly specify privileges). The trigger validates this is a proper jsonb array.';
425425

426426
COMMENT ON COLUMN metaschema_modules_public.secure_table_provision.policy_type IS 'Policy generator type, e.g. ''AuthzEntityMembership'', ''AuthzMembership'', ''AuthzAllowAll''. NULL means no policy is created. When set, the trigger automatically enables RLS on the target table.';
427427
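
Review bot: The grant_privileges comment in this packaged file describes a different contract from the one in table.sql, and the new line 424 preserves that divergence. Here the default is ''[]'', the examples are nested JSON such as [["select","*"],["insert","*"]], and "The trigger validates this is a proper jsonb array"; in table.sql the default is ''{}'', the examples are ARRAY[''["select","*"]''::jsonb, ...], and "Type safety is enforced by PostgreSQL at INSERT time". Please confirm which description matches the column as defined in 0.15.5 and align the other, or say in the comment that the packaged version uses the older representation, since a caller following the wrong form may end up with an insert that is rejected or with grants other than the ones intended. It is also worth confirming that editing metaschema-modules--0.15.5.sql in place is intended, rather than carrying the wording change in the next versioned script.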
