@@ -31,3 +31,165 @@ SELECT uuid(), role_id, 'quotaCreditsList', permission, sort_order
3131FROM ` cloud` ` role_permissions`
3232WHERE rp .rule = ' quotaStatement'
3333AND NOT EXISTS(SELECT 1 FROM cloud .role_permissions rp_ WHERE rp .role_id = rp_ .role_id AND rp_ .rule = ' quotaCreditsList'
34+
35+ -- Grant access to 2FA APIs for the "Read-Only User - Default" role
36+
37+ UPDATE ` cloud` ` role_permissions` ` rp`
38+ SET ` rp` ` sort_order` = ` rp` ` sort_order` + 3
39+ WHERE ` rp` ` rule` = ' *'
40+ AND ` rp` ` permission` = ' DENY'
41+ AND ` rp` ` role_id` IN (
42+ SELECT ` r` ` id`
43+ FROM ` cloud` ` roles` ` r`
44+ WHERE ` r` ` name` = ' Read-Only User - Default'
45+ AND ` r` ` is_default` = 1
46+ );
47+
48+ INSERT INTO ` cloud` ` role_permissions`
49+ (uuid, role_id, rule, permission, sort_order)
50+ SELECT uuid(), role_id, ' setupUserTwoFactorAuthentication' ' ALLOW' MAX (sort_order) - 3
51+ FROM ` cloud` ` role_permissions`
52+ WHERE role_id = (
53+ SELECT ` r` ` id`
54+ FROM ` cloud` ` roles` ` r`
55+ WHERE ` r` ` name` = ' Read-Only User - Default'
56+ AND ` r` ` is_default` = 1
57+ );
58+
59+ INSERT INTO ` cloud` ` role_permissions`
60+ (uuid, role_id, rule, permission, sort_order)
61+ SELECT uuid(), role_id, ' validateUserTwoFactorAuthenticationCode' ' ALLOW' MAX (sort_order) - 2
62+ FROM ` cloud` ` role_permissions`
63+ WHERE role_id = (
64+ SELECT ` r` ` id`
65+ FROM ` cloud` ` roles` ` r`
66+ WHERE ` r` ` name` = ' Read-Only User - Default'
67+ AND ` r` ` is_default` = 1
68+ );
69+
70+ INSERT INTO ` cloud` ` role_permissions`
71+ (uuid, role_id, rule, permission, sort_order)
72+ SELECT uuid(), role_id, ' listUserTwoFactorAuthenticatorProviders' ' ALLOW' MAX (sort_order) - 1
73+ FROM ` cloud` ` role_permissions`
74+ WHERE role_id = (
75+ SELECT ` r` ` id`
76+ FROM ` cloud` ` roles` ` r`
77+ WHERE ` r` ` name` = ' Read-Only User - Default'
78+ AND ` r` ` is_default` = 1
79+ );
80+
81+ -- Grant access to 2FA APIs for the "Support User - Default" role
82+
83+ UPDATE ` cloud` ` role_permissions` ` rp`
84+ SET ` rp` ` sort_order` = ` rp` ` sort_order` + 3
85+ WHERE ` rp` ` rule` = ' *'
86+ AND ` rp` ` permission` = ' DENY'
87+ AND ` rp` ` role_id` IN (
88+ SELECT ` r` ` id`
89+ FROM ` cloud` ` roles` ` r`
90+ WHERE ` r` ` name` = ' Support User - Default'
91+ AND ` r` ` is_default` = 1
92+ );
93+
94+ INSERT INTO ` cloud` ` role_permissions`
95+ (uuid, role_id, rule, permission, sort_order)
96+ SELECT uuid(), role_id, ' setupUserTwoFactorAuthentication' ' ALLOW' MAX (sort_order) - 3
97+ FROM ` cloud` ` role_permissions`
98+ WHERE role_id = (
99+ SELECT ` r` ` id`
100+ FROM ` cloud` ` roles` ` r`
101+ WHERE ` r` ` name` = ' Support User - Default'
102+ AND ` r` ` is_default` = 1
103+ );
104+
105+ INSERT INTO ` cloud` ` role_permissions`
106+ (uuid, role_id, rule, permission, sort_order)
107+ SELECT uuid(), role_id, ' validateUserTwoFactorAuthenticationCode' ' ALLOW' MAX (sort_order) - 2
108+ FROM ` cloud` ` role_permissions`
109+ WHERE role_id = (
110+ SELECT ` r` ` id`
111+ FROM ` cloud` ` roles` ` r`
112+ WHERE ` r` ` name` = ' Support User - Default'
113+ AND ` r` ` is_default` = 1
114+ );
115+
116+ INSERT INTO ` cloud` ` role_permissions`
117+ (uuid, role_id, rule, permission, sort_order)
118+ SELECT uuid(), role_id, ' listUserTwoFactorAuthenticatorProviders' ' ALLOW' MAX (sort_order) - 1
119+ FROM ` cloud` ` role_permissions`
120+ WHERE role_id = (
121+ SELECT ` r` ` id`
122+ FROM ` cloud` ` roles` ` r`
123+ WHERE ` r` ` name` = ' Support User - Default'
124+ AND ` r` ` is_default` = 1
125+ );
126+
127+ -- Grant access to 2FA APIs for the "Read-Only Admin - Default" role
128+
129+ UPDATE ` cloud` ` role_permissions` ` rp`
130+ SET ` rp` ` sort_order` = ` rp` ` sort_order` + 2
131+ WHERE ` rp` ` rule` = ' *'
132+ AND ` rp` ` permission` = ' DENY'
133+ AND ` rp` ` role_id` IN (
134+ SELECT ` r` ` id`
135+ FROM ` cloud` ` roles` ` r`
136+ WHERE ` r` ` name` = ' Read-Only Admin - Default'
137+ AND ` r` ` is_default` = 1
138+ );
139+
140+ INSERT INTO ` cloud` ` role_permissions`
141+ (uuid, role_id, rule, permission, sort_order)
142+ SELECT uuid(), role_id, ' setupUserTwoFactorAuthentication' ' ALLOW' MAX (sort_order) - 2
143+ FROM ` cloud` ` role_permissions`
144+ WHERE role_id = (
145+ SELECT ` r` ` id`
146+ FROM ` cloud` ` roles` ` r`
147+ WHERE ` r` ` name` = ' Read-Only Admin - Default'
148+ AND ` r` ` is_default` = 1
149+ );
150+
151+ INSERT INTO ` cloud` ` role_permissions`
152+ (uuid, role_id, rule, permission, sort_order)
153+ SELECT uuid(), role_id, ' validateUserTwoFactorAuthenticationCode' ' ALLOW' MAX (sort_order) - 1
154+ FROM ` cloud` ` role_permissions`
155+ WHERE role_id = (
156+ SELECT ` r` ` id`
157+ FROM ` cloud` ` roles` ` r`
158+ WHERE ` r` ` name` = ' Read-Only Admin - Default'
159+ AND ` r` ` is_default` = 1
160+ );
161+
162+ -- Grant access to 2FA APIs for the "Support Admin - Default" role
163+
164+ UPDATE ` cloud` ` role_permissions` ` rp`
165+ SET ` rp` ` sort_order` = ` rp` ` sort_order` + 2
166+ WHERE ` rp` ` rule` = ' *'
167+ AND ` rp` ` permission` = ' DENY'
168+ AND ` rp` ` role_id` IN (
169+ SELECT ` r` ` id`
170+ FROM ` cloud` ` roles` ` r`
171+ WHERE ` r` ` name` = ' Support Admin - Default'
172+ AND ` r` ` is_default` = 1
173+ );
174+
175+ INSERT INTO ` cloud` ` role_permissions`
176+ (uuid, role_id, rule, permission, sort_order)
177+ SELECT uuid(), role_id, ' setupUserTwoFactorAuthentication' ' ALLOW' MAX (sort_order) - 2
178+ FROM ` cloud` ` role_permissions`
179+ WHERE role_id = (
180+ SELECT ` r` ` id`
181+ FROM ` cloud` ` roles` ` r`
182+ WHERE ` r` ` name` = ' Support Admin - Default'
183+ AND ` r` ` is_default` = 1
184+ );
185+
186+ INSERT INTO ` cloud` ` role_permissions`
187+ (uuid, role_id, rule, permission, sort_order)
188+ SELECT uuid(), role_id, ' validateUserTwoFactorAuthenticationCode' ' ALLOW' MAX (sort_order) - 1
189+ FROM ` cloud` ` role_permissions`
190+ WHERE role_id = (
191+ SELECT ` r` ` id`
192+ FROM ` cloud` ` roles` ` r`
193+ WHERE ` r` ` name` = ' Support Admin - Default'
194+ AND ` r` ` is_default` = 1
195+ );
0 commit comments