Commit 5b474bf

Merge pull request #53 from constructive-io/devin/1774837402-relation-provision-grants-default
fix(relation_provision): revert grant_privileges default to empty (no grants by default)
2 parents 4054ad0 + accad97 commit 5b474bf

1 file changed

Lines changed: 2 additions & 2 deletions

packages/metaschema-modules/deploy/schemas/metaschema_modules_public/tables/relation_provision/table.sql

@@ -79,7 +79,7 @@ CREATE TABLE metaschema_modules_public.relation_provision (
7979

8080
grant_roles text[] NOT NULL DEFAULT ARRAY['authenticated'],
8181

82-
grant_privileges jsonb[] NOT NULL DEFAULT ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb, '["delete","*"]'::jsonb],
82+
grant_privileges jsonb[] NOT NULL DEFAULT '{}',
8383

8484
-- =========================================================================
8585
-- ManyToMany: RLS policies (forwarded to secure_table_provision)
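
Review bot: the new default on line 82 only takes effect where this CREATE TABLE statement runs; the commit changes table.sql alone, so a database in which relation_provision already exists would keep the old select/insert/delete default, and rows already written with that default keep those privileges. If the intent is no grants by default everywhere, ship an ALTER TABLE ... ALTER COLUMN grant_privileges SET DEFAULT '{}' alongside this change and decide whether existing rows need an audit. Two smaller points: grant_roles on line 80 still defaults to ARRAY['authenticated'], so a default row now names a role with nothing to grant, and writing the literal as '{}'::jsonb[] would make it clear that this is an empty array rather than an empty JSON object.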
@@ -269,7 +269,7 @@ COMMENT ON COLUMN metaschema_modules_public.relation_provision.grant_roles IS
269269
'For RelationManyToMany: database roles to grant privileges to on the junction table. Forwarded to secure_table_provision as-is. Supports multiple roles, e.g. ARRAY[''authenticated'', ''admin'']. Each role receives all privileges defined in grant_privileges. Defaults to ARRAY[''authenticated'']. Ignored for RelationBelongsTo/RelationHasOne.';
270270

271271
COMMENT ON COLUMN metaschema_modules_public.relation_provision.grant_privileges IS
272-
'For RelationManyToMany: privilege grants for the junction table. Forwarded to secure_table_provision as-is. Format: PostgreSQL array of jsonb [privilege, columns] tuples. Examples: ARRAY[''["select","*"]''::jsonb, ''["insert","*"]''::jsonb] for full access, or ARRAY[''["update",["name","bio"]]''::jsonb] for column-level grants. "*" means all columns. Defaults to select/insert/delete for all columns. Ignored for RelationBelongsTo/RelationHasOne.';
272+
'For RelationManyToMany: privilege grants for the junction table. Forwarded to secure_table_provision as-is. Format: PostgreSQL array of jsonb [privilege, columns] tuples. Examples: ARRAY[''["select","*"]''::jsonb, ''["insert","*"]''::jsonb] for full access, or ARRAY[''["update",["name","bio"]]''::jsonb] for column-level grants. "*" means all columns. Defaults to ''{}'' (no grants — callers must explicitly specify privileges). Ignored for RelationBelongsTo/RelationHasOne.';
273273

274274
-- =============================================================================
275275
-- ManyToMany: RLS policies (forwarded to secure_table_provision)
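
Review bot: the grant_roles comment on line 269 is left saying each role "receives all privileges defined in grant_privileges" and "Defaults to ARRAY['authenticated']", which with the new empty default means the default role receives nothing unless the caller sets grant_privileges; a sentence to that effect there would keep a reader from assuming authenticated gets access out of the box. In the line 272 text, the example ARRAY['["select","*"]'::jsonb, '["insert","*"]'::jsonb] is still described as "full access" although it lists only select and insert, and "Defaults to '{}'" would read more clearly as "Defaults to an empty array".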
