Role + grants for reading + writing SSX acquisition metadata (#168)

KarlLevik · web-flow · commit fd9bf103db52 · 2023-02-28T16:33:01.000Z
* Role and grants for writing SSX acquisition metadata

* Include running the grants in build.sh + instructions in README.md

* Grants for new SSX tables to read-only 'no PII' role
diff --git a/README.md b/README.md
@@ -45,6 +45,7 @@ mysql ispyb < grants/ispyb_import.sql
 mysql ispyb < grants/ispyb_processing.sql
 mysql ispyb < grants/ispyb_ro_nopii.sql
 mysql ispyb < grants/ispyb_scripts_processing.sql
+mysql ispyb < grants/ispyb_ssx_writer.sql
 mysql ispyb < grants/ispyb_touchscreen.sql
 mysql ispyb < grants/ispyb_web.sql
 mysql ispyb < grants/ispyb_web_verify_tests.sql
diff --git a/build.sh b/build.sh
@@ -34,6 +34,7 @@ then
   mysql --defaults-file=.my.cnf -D $DB < grants/ispyb_touchscreen.sql
   mysql --defaults-file=.my.cnf -D $DB < grants/ispyb_web.sql
   mysql --defaults-file=.my.cnf -D $DB < grants/ispyb_web_verify_tests.sql
+  mysql --defaults-file=.my.cnf -D $DB < grants/ispyb_ssx_writer.sql
 
   arr=$(bin/missed_updates.sh)
 
diff --git a/grants/ispyb_ro_nopii.sql b/grants/ispyb_ro_nopii.sql
@@ -225,3 +225,10 @@ GRANT SELECT ON ParticleClassification_has_CryoemInitialModel TO ispyb_ro_nopii;
 GRANT SELECT ON RelativeIceThickness TO ispyb_ro_nopii;
 GRANT SELECT ON Tomogram TO ispyb_ro_nopii;
 GRANT SELECT ON TiltImageAlignment TO ispyb_ro_nopii;
+GRANT SELECT ON SSXDataCollection TO ispyb_ro_nopii;
+GRANT SELECT ON Component TO ispyb_ro_nopii;
+GRANT SELECT ON SampleComposition TO ispyb_ro_nopii;
+GRANT SELECT ON CrystalComposition TO ispyb_ro_nopii;
+GRANT SELECT ON EventChain TO ispyb_ro_nopii;
+GRANT SELECT ON EventType TO ispyb_ro_nopii;
+GRANT SELECT ON Event TO ispyb_ro_nopii;
diff --git a/grants/ispyb_ssx_writer.sql b/grants/ispyb_ssx_writer.sql
@@ -0,0 +1,28 @@
+CREATE ROLE IF NOT EXISTS ispyb_ssx_writer;
+
+-- You also need to create a database user and grant this role to them, e.g.
+-- CREATE USER ispyb_ssx_server@'%' IDENTIFIED BY 'the_password';
+-- GRANT ispyb_ssx_writer TO ispyb_ssx_server@'%';
+-- SET DEFAULT ROLE ispyb_ssx_writer FOR ispyb_ssx_server@'%';
+
+GRANT SELECT ON Proposal TO ispyb_ssx_writer;
+GRANT SELECT ON BLSession TO ispyb_ssx_writer;
+
+GRANT SELECT ON ExperimentType TO ispyb_ssx_writer;
+GRANT SELECT ON ComponentType TO ispyb_ssx_writer;
+GRANT SELECT ON ConcentrationType TO ispyb_ssx_writer;
+GRANT SELECT ON EventType TO ispyb_ssx_writer;
+
+GRANT EXECUTE ON PROCEDURE upsert_dc_group_v3 TO ispyb_ssx_writer;
+GRANT EXECUTE ON PROCEDURE upsert_dc TO ispyb_ssx_writer;
+
+GRANT SELECT, INSERT, UPDATE ON SSXDataCollection TO ispyb_ssx_writer;
+GRANT SELECT, INSERT, UPDATE ON DataCollectionGroup TO ispyb_ssx_writer;
+GRANT SELECT, INSERT, UPDATE ON DataCollection TO ispyb_ssx_writer;
+
+GRANT SELECT, INSERT, UPDATE ON EventChain TO ispyb_ssx_writer;
+GRANT SELECT, INSERT, UPDATE ON Event TO ispyb_ssx_writer;
+
+GRANT SELECT, INSERT, UPDATE ON Component TO ispyb_ssx_writer;
+GRANT SELECT, INSERT, UPDATE ON SampleComposition TO ispyb_ssx_writer;
+GRANT SELECT, INSERT, UPDATE ON CrystalComposition TO ispyb_ssx_writer;
